Mandriva Update for subversion MDVSA-2010:199 (subversion)
2010-10-19T00:00:00
ID OPENVAS:831199 Type openvas Reporter Copyright (c) 2010 Greenbone Networks GmbH Modified 2017-12-14T00:00:00
Description
Checks the installed version of the subversion packages against the updated packages from MDVSA-2010:199.
###############################################################################
# OpenVAS Vulnerability Test
#
# Mandriva Update for subversion MDVSA-2010:199 (subversion)
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
include("revisions-lib.inc");
# Advisory text that is registered below as the "insight" tag of this check.
# Review note: the upstream fix versions quoted in this text (1.5.8 and 1.6.13)
# are higher than the package versions the checks further down compare against
# (1.5.7 / 1.6.4 / 1.6.6 / 1.6.11 vendor builds). The closing sentence says the
# updated packages "have been patched", so the fix appears to be backported;
# an upstream version number alone does not decide exposure on these systems.
tag_insight = "A vulnerability was discovered and corrected in subversion:
authz.c in the mod_dav_svn module for the Apache HTTP Server,
as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x
before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not
properly handle a named repository as a rule scope, which allows
remote authenticated users to bypass intended access restrictions
via svn commands (CVE-2010-3315).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct this issue.";
# Remediation text that is registered below as the "solution" tag.
tag_solution = "Please Install the Updated Packages.";
# Product list that is registered below as the "affected" tag. Each entry
# corresponds to one of the release branches tested later in the script
# (the X86_64 entries map to the lib64* package names in those branches).
tag_affected = "subversion on Mandriva Linux 2009.0,
Mandriva Linux 2009.0/X86_64,
Mandriva Linux 2009.1,
Mandriva Linux 2009.1/X86_64,
Mandriva Linux 2010.0,
Mandriva Linux 2010.0/X86_64,
Mandriva Linux 2010.1,
Mandriva Linux 2010.1/X86_64,
Mandriva Enterprise Server 5,
Mandriva Enterprise Server 5/X86_64";
# Metadata registration. This branch runs only when `description` is truthy
# (the variable is supplied from outside this file) and always ends in
# exit(0), so none of the package checks below execute in that pass.
if (description) {
  # Identity, revision bookkeeping and scoring.
  script_xref(name:"URL", value:"http://lists.mandriva.com/security-announce/2010-10/msg00020.php");
  script_id(831199);
  script_version("$Revision: 8109 $");
  script_tag(name:"last_modification", value:"$Date: 2017-12-14 07:31:15 +0100 (Thu, 14 Dec 2017) $");
  script_tag(name:"creation_date", value:"2010-10-19 15:54:15 +0200 (Tue, 19 Oct 2010)");
  script_tag(name:"cvss_base", value:"6.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:S/C:P/I:P/A:P");
  script_xref(name:"MDVSA", value:"2010:199");
  script_cve_id("CVE-2010-3315");
  script_name("Mandriva Update for subversion MDVSA-2010:199 (subversion)");

  # Classification and prerequisites: the check depends on
  # gather-package-list.nasl and on the two ssh/login/* KB keys listed here.
  script_tag(name:"summary", value:"Check for the Version of subversion");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
  script_family("Mandrake Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/mandriva_mandrake_linux", "ssh/login/release");

  # Advisory texts built at the top of the file.
  script_tag(name:"affected", value:tag_affected);
  script_tag(name:"insight", value:tag_insight);
  script_tag(name:"solution", value:tag_solution);

  # qod_type "package": the result rests on installed package versions only.
  # Nothing in this script inspects whether SVNPathAuthz short_circuit is
  # enabled, which the insight text names as the precondition for the bypass,
  # so a finding means "vendor fix not installed", not "bypass confirmed".
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}
# isrpmvuln() and __pkg_match, used by every release branch below, are not
# defined in this file; presumably they come from this include (confirm there).
include("pkg-lib-rpm.inc");

# Release identifier read from the knowledge base key "ssh/login/release".
release = get_kb_item("ssh/login/release");

# No release string means no branch below can match, so stop without a result.
if (release == NULL) exit(0);

# Holds the text returned by isrpmvuln() for the package being tested.
res = "";
# Mandriva Enterprise Server 5: test each subversion-related package against
# the build 1.5.7~0.2mdvmes5.1 (lib64* names cover the X86_64 variant).
#
# isrpmvuln() is defined outside this file; a non-NULL return value is treated
# as the finding text and handed to security_message(). The script exits on the
# first hit, so at most one outdated package is reported per host even when
# several are behind; remediation should update the whole package set.
if (release == "MNDK_mes5") {
  fixed_build = "~1.5.7~0.2mdvmes5.1";

  # Order matches the original sequence of checks.
  foreach svn_pkg (make_list("apache-mod_dav_svn",
                             "apache-mod_dontdothat",
                             "libsvn0",
                             "libsvnjavahl0",
                             "perl-SVN",
                             "python-svn",
                             "ruby-svn",
                             "subversion",
                             "subversion-devel",
                             "subversion-doc",
                             "subversion-server",
                             "subversion-tools",
                             "svn-javahl",
                             "lib64svn0",
                             "lib64svnjavahl0")) {
    res = isrpmvuln(pkg:svn_pkg, rpm:svn_pkg + fixed_build, rls:"MNDK_mes5");
    if (res != NULL) {
      security_message(data:res);
      exit(0);
    }
  }

  # __pkg_match is set outside this file (presumably by isrpmvuln() when one of
  # the listed packages is installed -- confirm in pkg-lib-rpm.inc).
  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}
# Mandriva Linux 2010.1: test each subversion-related package against the
# build 1.6.11~2.1mdv2010.1 (lib64* names cover the X86_64 variant). This
# release additionally ships the gnome-keyring and kwallet helper libraries.
#
# isrpmvuln() is defined outside this file; a non-NULL return value is treated
# as the finding text and handed to security_message(). The script exits on the
# first hit, so at most one outdated package is reported per host even when
# several are behind; remediation should update the whole package set.
if (release == "MNDK_2010.1") {
  fixed_build = "~1.6.11~2.1mdv2010.1";

  # Order matches the original sequence of checks.
  foreach svn_pkg (make_list("apache-mod_dav_svn",
                             "apache-mod_dontdothat",
                             "libsvn0",
                             "libsvn-gnome-keyring0",
                             "libsvnjavahl1",
                             "libsvn-kwallet0",
                             "perl-SVN",
                             "python-svn",
                             "ruby-svn",
                             "subversion",
                             "subversion-devel",
                             "subversion-doc",
                             "subversion-server",
                             "subversion-tools",
                             "svn-javahl",
                             "lib64svn0",
                             "lib64svn-gnome-keyring0",
                             "lib64svnjavahl1",
                             "lib64svn-kwallet0")) {
    res = isrpmvuln(pkg:svn_pkg, rpm:svn_pkg + fixed_build, rls:"MNDK_2010.1");
    if (res != NULL) {
      security_message(data:res);
      exit(0);
    }
  }

  # __pkg_match is set outside this file (presumably by isrpmvuln() when one of
  # the listed packages is installed -- confirm in pkg-lib-rpm.inc).
  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}
# Mandriva Linux 2010.0: test each subversion-related package against the
# build 1.6.6~1.1mdv2010.0 (lib64* names cover the X86_64 variant).
#
# isrpmvuln() is defined outside this file; a non-NULL return value is treated
# as the finding text and handed to security_message(). The script exits on the
# first hit, so at most one outdated package is reported per host even when
# several are behind; remediation should update the whole package set.
if (release == "MNDK_2010.0") {
  fixed_build = "~1.6.6~1.1mdv2010.0";

  # Order matches the original sequence of checks.
  foreach svn_pkg (make_list("apache-mod_dav_svn",
                             "apache-mod_dontdothat",
                             "libsvn0",
                             "libsvnjavahl1",
                             "perl-SVN",
                             "python-svn",
                             "ruby-svn",
                             "subversion",
                             "subversion-devel",
                             "subversion-doc",
                             "subversion-server",
                             "subversion-tools",
                             "svn-javahl",
                             "lib64svn0",
                             "lib64svnjavahl1")) {
    res = isrpmvuln(pkg:svn_pkg, rpm:svn_pkg + fixed_build, rls:"MNDK_2010.0");
    if (res != NULL) {
      security_message(data:res);
      exit(0);
    }
  }

  # __pkg_match is set outside this file (presumably by isrpmvuln() when one of
  # the listed packages is installed -- confirm in pkg-lib-rpm.inc).
  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}
# Mandriva Linux 2009.1: test each subversion-related package against the
# build 1.6.4~0.2mdv2009.1 (lib64* names cover the X86_64 variant).
#
# isrpmvuln() is defined outside this file; a non-NULL return value is treated
# as the finding text and handed to security_message(). The script exits on the
# first hit, so at most one outdated package is reported per host even when
# several are behind; remediation should update the whole package set.
if (release == "MNDK_2009.1") {
  fixed_build = "~1.6.4~0.2mdv2009.1";

  # Order matches the original sequence of checks.
  foreach svn_pkg (make_list("apache-mod_dav_svn",
                             "apache-mod_dontdothat",
                             "libsvn0",
                             "libsvnjavahl1",
                             "perl-SVN",
                             "python-svn",
                             "ruby-svn",
                             "subversion",
                             "subversion-devel",
                             "subversion-doc",
                             "subversion-server",
                             "subversion-tools",
                             "svn-javahl",
                             "lib64svn0",
                             "lib64svnjavahl1")) {
    res = isrpmvuln(pkg:svn_pkg, rpm:svn_pkg + fixed_build, rls:"MNDK_2009.1");
    if (res != NULL) {
      security_message(data:res);
      exit(0);
    }
  }

  # __pkg_match is set outside this file (presumably by isrpmvuln() when one of
  # the listed packages is installed -- confirm in pkg-lib-rpm.inc).
  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}
# Mandriva Linux 2009.0: test each subversion-related package against the
# build 1.5.7~0.2mdv2009.0 (lib64* names cover the X86_64 variant). The
# advisory text in this file notes that 2009.0 packages are provided under
# the Extended Maintenance Program.
#
# isrpmvuln() is defined outside this file; a non-NULL return value is treated
# as the finding text and handed to security_message(). The script exits on the
# first hit, so at most one outdated package is reported per host even when
# several are behind; remediation should update the whole package set.
if (release == "MNDK_2009.0") {
  fixed_build = "~1.5.7~0.2mdv2009.0";

  # Order matches the original sequence of checks.
  foreach svn_pkg (make_list("apache-mod_dav_svn",
                             "apache-mod_dontdothat",
                             "libsvn0",
                             "libsvnjavahl0",
                             "perl-SVN",
                             "python-svn",
                             "ruby-svn",
                             "subversion",
                             "subversion-devel",
                             "subversion-doc",
                             "subversion-server",
                             "subversion-tools",
                             "svn-javahl",
                             "lib64svn0",
                             "lib64svnjavahl0")) {
    res = isrpmvuln(pkg:svn_pkg, rpm:svn_pkg + fixed_build, rls:"MNDK_2009.0");
    if (res != NULL) {
      security_message(data:res);
      exit(0);
    }
  }

  # __pkg_match is set outside this file (presumably by isrpmvuln() when one of
  # the listed packages is installed -- confirm in pkg-lib-rpm.inc).
  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}
{"id": "OPENVAS:831199", "type": "openvas", "bulletinFamily": "scanner", "title": "Mandriva Update for subversion MDVSA-2010:199 (subversion)", "description": "Check for the Version of subversion", "published": "2010-10-19T00:00:00", "modified": "2017-12-14T00:00:00", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=831199", "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "references": ["http://lists.mandriva.com/security-announce/2010-10/msg00020.php", "2010:199"], "cvelist": ["CVE-2010-3315"], "lastseen": "2017-12-14T11:49:01", "viewCount": 0, "enchantments": {"score": {"value": 5.9, "vector": "NONE", "modified": "2017-12-14T11:49:01", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2010-3315"]}, {"type": "openvas", "idList": ["OPENVAS:862666", "OPENVAS:68459", "OPENVAS:862476", "OPENVAS:870654", "OPENVAS:1361412562310862666", "OPENVAS:1361412562310862480", "OPENVAS:136141256231068459", "OPENVAS:862480", "OPENVAS:1361412562310862476", "OPENVAS:1361412562310831199"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:11199", "SECURITYVULNS:DOC:24906", "SECURITYVULNS:VULN:11518", "SECURITYVULNS:DOC:25963"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2118-1:A7BB7", "DEBIAN:BSA-004-:1B7CA"]}, {"type": "nessus", "idList": ["ORACLELINUX_ELSA-2011-0258.NASL", "FEDORA_2010-16115.NASL", "MANDRIVA_MDVSA-2010-199.NASL", "SUSE_11_2_LIBSVN_AUTH_GNOME_KEYRING-1-0-101029.NASL", "SUSE_11_1_LIBSVN_AUTH_GNOME_KEYRING-1-0-101028.NASL", "DEBIAN_DSA-2118.NASL", "SUSE_11_3_LIBSVN_AUTH_GNOME_KEYRING-1-0-101029.NASL", "REDHAT-RHSA-2011-0258.NASL", "FEDORA_2010-16136.NASL", "FEDORA_2010-16148.NASL"]}, {"type": "fedora", "idList": ["FEDORA:C572C1110A3", "FEDORA:E665E111EAB", "FEDORA:07D01111076"]}, {"type": "oraclelinux", "idList": ["ELSA-2011-0258"]}, {"type": "redhat", "idList": ["RHSA-2011:0258"]}, {"type": "ubuntu", "idList": 
["USN-1053-1"]}], "modified": "2017-12-14T11:49:01", "rev": 2}, "vulnersScore": 5.9}, "pluginID": "831199", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for subversion MDVSA-2010:199 (subversion)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability was discovered and corrected in subversion:\n\n authz.c in the mod_dav_svn module for the Apache HTTP Server,\n as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x\n before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not\n properly handle a named repository as a rule scope, which allows\n remote authenticated users to bypass intended access restrictions\n via svn commands (CVE-2010-3315).\n\n Packages for 2009.0 are provided as of the Extended Maintenance\n Program. 
Please visit this link to learn more:\n http://store.mandriva.com/product_info.php?cPath=149&products_id=490\n\n The updated packages have been patched to correct this issue.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"subversion on Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Linux 2009.1,\n Mandriva Linux 2009.1/X86_64,\n Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64,\n Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-10/msg00020.php\");\n script_id(831199);\n script_version(\"$Revision: 8109 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-14 07:31:15 +0100 (Thu, 14 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-10-19 15:54:15 +0200 (Tue, 19 Oct 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2010:199\");\n script_cve_id(\"CVE-2010-3315\");\n script_name(\"Mandriva Update for subversion MDVSA-2010:199 (subversion)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of subversion\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = 
get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dav_svn\", rpm:\"apache-mod_dav_svn~1.5.7~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dontdothat\", rpm:\"apache-mod_dontdothat~1.5.7~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsvn0\", rpm:\"libsvn0~1.5.7~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsvnjavahl0\", rpm:\"libsvnjavahl0~1.5.7~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-SVN\", rpm:\"perl-SVN~1.5.7~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-svn\", rpm:\"python-svn~1.5.7~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-svn\", rpm:\"ruby-svn~1.5.7~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion\", rpm:\"subversion~1.5.7~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-devel\", rpm:\"subversion-devel~1.5.7~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-doc\", rpm:\"subversion-doc~1.5.7~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-server\", rpm:\"subversion-server~1.5.7~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"subversion-tools\", rpm:\"subversion-tools~1.5.7~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"svn-javahl\", rpm:\"svn-javahl~1.5.7~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64svn0\", rpm:\"lib64svn0~1.5.7~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64svnjavahl0\", rpm:\"lib64svnjavahl0~1.5.7~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dav_svn\", rpm:\"apache-mod_dav_svn~1.6.11~2.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dontdothat\", rpm:\"apache-mod_dontdothat~1.6.11~2.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsvn0\", rpm:\"libsvn0~1.6.11~2.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsvn-gnome-keyring0\", rpm:\"libsvn-gnome-keyring0~1.6.11~2.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsvnjavahl1\", rpm:\"libsvnjavahl1~1.6.11~2.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsvn-kwallet0\", rpm:\"libsvn-kwallet0~1.6.11~2.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-SVN\", rpm:\"perl-SVN~1.6.11~2.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"python-svn\", rpm:\"python-svn~1.6.11~2.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-svn\", rpm:\"ruby-svn~1.6.11~2.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion\", rpm:\"subversion~1.6.11~2.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-devel\", rpm:\"subversion-devel~1.6.11~2.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-doc\", rpm:\"subversion-doc~1.6.11~2.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-server\", rpm:\"subversion-server~1.6.11~2.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-tools\", rpm:\"subversion-tools~1.6.11~2.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"svn-javahl\", rpm:\"svn-javahl~1.6.11~2.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64svn0\", rpm:\"lib64svn0~1.6.11~2.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64svn-gnome-keyring0\", rpm:\"lib64svn-gnome-keyring0~1.6.11~2.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64svnjavahl1\", rpm:\"lib64svnjavahl1~1.6.11~2.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64svn-kwallet0\", rpm:\"lib64svn-kwallet0~1.6.11~2.1mdv2010.1\", rls:\"MNDK_2010.1\")) != 
NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dav_svn\", rpm:\"apache-mod_dav_svn~1.6.6~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dontdothat\", rpm:\"apache-mod_dontdothat~1.6.6~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsvn0\", rpm:\"libsvn0~1.6.6~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsvnjavahl1\", rpm:\"libsvnjavahl1~1.6.6~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-SVN\", rpm:\"perl-SVN~1.6.6~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-svn\", rpm:\"python-svn~1.6.6~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-svn\", rpm:\"ruby-svn~1.6.6~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion\", rpm:\"subversion~1.6.6~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-devel\", rpm:\"subversion-devel~1.6.6~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-doc\", rpm:\"subversion-doc~1.6.6~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-server\", rpm:\"subversion-server~1.6.6~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-tools\", rpm:\"subversion-tools~1.6.6~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"svn-javahl\", rpm:\"svn-javahl~1.6.6~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64svn0\", rpm:\"lib64svn0~1.6.6~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64svnjavahl1\", rpm:\"lib64svnjavahl1~1.6.6~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dav_svn\", rpm:\"apache-mod_dav_svn~1.6.4~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dontdothat\", rpm:\"apache-mod_dontdothat~1.6.4~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsvn0\", rpm:\"libsvn0~1.6.4~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsvnjavahl1\", rpm:\"libsvnjavahl1~1.6.4~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-SVN\", rpm:\"perl-SVN~1.6.4~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-svn\", rpm:\"python-svn~1.6.4~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-svn\", rpm:\"ruby-svn~1.6.4~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n 
}\n\n if ((res = isrpmvuln(pkg:\"subversion\", rpm:\"subversion~1.6.4~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-devel\", rpm:\"subversion-devel~1.6.4~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-doc\", rpm:\"subversion-doc~1.6.4~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-server\", rpm:\"subversion-server~1.6.4~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-tools\", rpm:\"subversion-tools~1.6.4~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"svn-javahl\", rpm:\"svn-javahl~1.6.4~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64svn0\", rpm:\"lib64svn0~1.6.4~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64svnjavahl1\", rpm:\"lib64svnjavahl1~1.6.4~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dav_svn\", rpm:\"apache-mod_dav_svn~1.5.7~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dontdothat\", rpm:\"apache-mod_dontdothat~1.5.7~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsvn0\", rpm:\"libsvn0~1.5.7~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n 
if ((res = isrpmvuln(pkg:\"libsvnjavahl0\", rpm:\"libsvnjavahl0~1.5.7~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-SVN\", rpm:\"perl-SVN~1.5.7~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-svn\", rpm:\"python-svn~1.5.7~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-svn\", rpm:\"ruby-svn~1.5.7~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion\", rpm:\"subversion~1.5.7~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-devel\", rpm:\"subversion-devel~1.5.7~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-doc\", rpm:\"subversion-doc~1.5.7~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-server\", rpm:\"subversion-server~1.5.7~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-tools\", rpm:\"subversion-tools~1.5.7~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"svn-javahl\", rpm:\"svn-javahl~1.5.7~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64svn0\", rpm:\"lib64svn0~1.5.7~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64svnjavahl0\", rpm:\"lib64svnjavahl0~1.5.7~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "naslFamily": "Mandrake Local Security Checks"}
{"cve": [{"lastseen": "2020-10-03T11:57:28", "description": "authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.", "edition": 3, "cvss3": {}, "published": "2010-10-04T21:00:00", "title": "CVE-2010-3315", "type": "cve", "cwe": ["CWE-16"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3315"], "modified": "2017-09-19T01:31:00", "cpe": ["cpe:/a:apache:subversion:1.6.7", "cpe:/a:apache:subversion:1.5.5", "cpe:/a:apache:subversion:1.5.4", "cpe:/a:apache:subversion:1.5.2", "cpe:/a:apache:subversion:1.5.6", "cpe:/a:apache:subversion:1.5.1", "cpe:/a:apache:subversion:1.6.0", "cpe:/a:apache:subversion:1.5.7", "cpe:/a:apache:subversion:1.6.4", "cpe:/a:apache:subversion:1.6.2", "cpe:/a:apache:subversion:1.5.0", "cpe:/a:apache:subversion:1.6.8", "cpe:/a:apache:subversion:1.5.3", "cpe:/a:apache:subversion:1.6.6", "cpe:/a:apache:subversion:1.6.10", "cpe:/a:apache:subversion:1.6.1", "cpe:/a:apache:subversion:1.6.3", "cpe:/a:apache:subversion:1.6.5", "cpe:/a:apache:subversion:1.6.12", "cpe:/a:apache:subversion:1.6.11", "cpe:/a:apache:subversion:1.6.9"], "id": "CVE-2010-3315", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3315", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}, "cpe23": 
["cpe:2.3:a:apache:subversion:1.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:subversion:1.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:subversion:1.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:subversion:1.6.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:subversion:1.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:subversion:1.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:subversion:1.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:subversion:1.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:subversion:1.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:subversion:1.6.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:subversion:1.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:subversion:1.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:subversion:1.6.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:subversion:1.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:subversion:1.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:subversion:1.6.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:subversion:1.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:subversion:1.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:subversion:1.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:subversion:1.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:subversion:1.6.3:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2018-01-11T11:04:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3315"], "description": "The remote host is missing an update to subversion\nannounced via advisory DSA 2118-1.", "modified": "2018-01-09T00:00:00", "published": "2010-11-17T00:00:00", "id": "OPENVAS:136141256231068459", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231068459", "type": "openvas", "title": "Debian Security Advisory DSA 2118-1 (subversion)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2118_1.nasl 8338 2018-01-09 08:00:38Z teissa $\n# Description: Auto-generated from advisory DSA 2118-1 (subversion)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Kamesh Jayachandran and C. Michael Pilat discovered that the mod_dav_svn\nmodule of subversion, a version control system, is not properly enforcing\naccess rules which are scope-limited to named repositories. 
If the\nSVNPathAuthz option is set to short_circuit, this may enable an\nunprivileged attacker to bypass intended access restrictions and disclose\nor modify repository content.\n\nAs a workaround it is also possible to set SVNPathAuthz to on but be\nadvised that this can result in a performance decrease for large\nrepositories.\n\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.5.1dfsg1-5.\n\nFor the testing distribution (squeeze), this problem has been fixed in\nversion 1.6.12dfsg-2.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.6.12dfsg-2.\n\n\nWe recommend that you upgrade your subversion packages.\";\ntag_summary = \"The remote host is missing an update to subversion\nannounced via advisory DSA 2118-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202118-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.68459\");\n script_version(\"$Revision: 8338 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-09 09:00:38 +0100 (Tue, 09 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-17 03:33:48 +0100 (Wed, 17 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2010-3315\");\n script_name(\"Debian Security Advisory DSA 2118-1 (subversion)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libsvn-doc\", ver:\"1.5.1dfsg1-5\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"subversion-tools\", ver:\"1.5.1dfsg1-5\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsvn-ruby\", ver:\"1.5.1dfsg1-5\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsvn-ruby1.8\", ver:\"1.5.1dfsg1-5\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"subversion\", ver:\"1.5.1dfsg1-5\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsvn1\", ver:\"1.5.1dfsg1-5\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapache2-svn\", ver:\"1.5.1dfsg1-5\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-subversion\", ver:\"1.5.1dfsg1-5\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsvn-perl\", ver:\"1.5.1dfsg1-5\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsvn-dev\", ver:\"1.5.1dfsg1-5\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsvn-java\", ver:\"1.5.1dfsg1-5\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", 
"cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:54:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3315"], "description": "Check for the Version of subversion", "modified": "2017-12-27T00:00:00", "published": "2010-10-19T00:00:00", "id": "OPENVAS:1361412562310831199", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831199", "type": "openvas", "title": "Mandriva Update for subversion MDVSA-2010:199 (subversion)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for subversion MDVSA-2010:199 (subversion)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability was discovered and corrected in subversion:\n\n authz.c in the mod_dav_svn module for the Apache HTTP Server,\n as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x\n before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not\n properly handle a named repository as a rule scope, which allows\n remote authenticated users to bypass intended access restrictions\n via svn commands (CVE-2010-3315).\n\n Packages for 2009.0 are provided as of the Extended Maintenance\n Program. Please visit this link to learn more:\n http://store.mandriva.com/product_info.php?cPath=149&products_id=490\n\n The updated packages have been patched to correct this issue.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"subversion on Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Linux 2009.1,\n Mandriva Linux 2009.1/X86_64,\n Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64,\n Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-10/msg00020.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831199\");\n script_version(\"$Revision: 8250 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-27 08:29:15 +0100 (Wed, 27 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-10-19 15:54:15 +0200 (Tue, 19 Oct 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", 
value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2010:199\");\n script_cve_id(\"CVE-2010-3315\");\n script_name(\"Mandriva Update for subversion MDVSA-2010:199 (subversion)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of subversion\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dav_svn\", rpm:\"apache-mod_dav_svn~1.5.7~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dontdothat\", rpm:\"apache-mod_dontdothat~1.5.7~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsvn0\", rpm:\"libsvn0~1.5.7~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsvnjavahl0\", rpm:\"libsvnjavahl0~1.5.7~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-SVN\", rpm:\"perl-SVN~1.5.7~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-svn\", rpm:\"python-svn~1.5.7~0.2mdvmes5.1\", 
rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-svn\", rpm:\"ruby-svn~1.5.7~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion\", rpm:\"subversion~1.5.7~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-devel\", rpm:\"subversion-devel~1.5.7~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-doc\", rpm:\"subversion-doc~1.5.7~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-server\", rpm:\"subversion-server~1.5.7~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-tools\", rpm:\"subversion-tools~1.5.7~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"svn-javahl\", rpm:\"svn-javahl~1.5.7~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64svn0\", rpm:\"lib64svn0~1.5.7~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64svnjavahl0\", rpm:\"lib64svnjavahl0~1.5.7~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dav_svn\", rpm:\"apache-mod_dav_svn~1.6.11~2.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dontdothat\", rpm:\"apache-mod_dontdothat~1.6.11~2.1mdv2010.1\", rls:\"MNDK_2010.1\")) 
!= NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsvn0\", rpm:\"libsvn0~1.6.11~2.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsvn-gnome-keyring0\", rpm:\"libsvn-gnome-keyring0~1.6.11~2.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsvnjavahl1\", rpm:\"libsvnjavahl1~1.6.11~2.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsvn-kwallet0\", rpm:\"libsvn-kwallet0~1.6.11~2.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-SVN\", rpm:\"perl-SVN~1.6.11~2.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-svn\", rpm:\"python-svn~1.6.11~2.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-svn\", rpm:\"ruby-svn~1.6.11~2.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion\", rpm:\"subversion~1.6.11~2.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-devel\", rpm:\"subversion-devel~1.6.11~2.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-doc\", rpm:\"subversion-doc~1.6.11~2.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-server\", rpm:\"subversion-server~1.6.11~2.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-tools\", 
rpm:\"subversion-tools~1.6.11~2.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"svn-javahl\", rpm:\"svn-javahl~1.6.11~2.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64svn0\", rpm:\"lib64svn0~1.6.11~2.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64svn-gnome-keyring0\", rpm:\"lib64svn-gnome-keyring0~1.6.11~2.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64svnjavahl1\", rpm:\"lib64svnjavahl1~1.6.11~2.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64svn-kwallet0\", rpm:\"lib64svn-kwallet0~1.6.11~2.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dav_svn\", rpm:\"apache-mod_dav_svn~1.6.6~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dontdothat\", rpm:\"apache-mod_dontdothat~1.6.6~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsvn0\", rpm:\"libsvn0~1.6.6~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsvnjavahl1\", rpm:\"libsvnjavahl1~1.6.6~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-SVN\", rpm:\"perl-SVN~1.6.6~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-svn\", 
rpm:\"python-svn~1.6.6~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-svn\", rpm:\"ruby-svn~1.6.6~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion\", rpm:\"subversion~1.6.6~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-devel\", rpm:\"subversion-devel~1.6.6~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-doc\", rpm:\"subversion-doc~1.6.6~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-server\", rpm:\"subversion-server~1.6.6~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-tools\", rpm:\"subversion-tools~1.6.6~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"svn-javahl\", rpm:\"svn-javahl~1.6.6~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64svn0\", rpm:\"lib64svn0~1.6.6~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64svnjavahl1\", rpm:\"lib64svnjavahl1~1.6.6~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dav_svn\", rpm:\"apache-mod_dav_svn~1.6.4~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dontdothat\", 
rpm:\"apache-mod_dontdothat~1.6.4~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsvn0\", rpm:\"libsvn0~1.6.4~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsvnjavahl1\", rpm:\"libsvnjavahl1~1.6.4~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-SVN\", rpm:\"perl-SVN~1.6.4~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-svn\", rpm:\"python-svn~1.6.4~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-svn\", rpm:\"ruby-svn~1.6.4~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion\", rpm:\"subversion~1.6.4~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-devel\", rpm:\"subversion-devel~1.6.4~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-doc\", rpm:\"subversion-doc~1.6.4~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-server\", rpm:\"subversion-server~1.6.4~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-tools\", rpm:\"subversion-tools~1.6.4~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"svn-javahl\", rpm:\"svn-javahl~1.6.4~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"lib64svn0\", rpm:\"lib64svn0~1.6.4~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64svnjavahl1\", rpm:\"lib64svnjavahl1~1.6.4~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dav_svn\", rpm:\"apache-mod_dav_svn~1.5.7~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dontdothat\", rpm:\"apache-mod_dontdothat~1.5.7~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsvn0\", rpm:\"libsvn0~1.5.7~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsvnjavahl0\", rpm:\"libsvnjavahl0~1.5.7~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-SVN\", rpm:\"perl-SVN~1.5.7~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-svn\", rpm:\"python-svn~1.5.7~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-svn\", rpm:\"ruby-svn~1.5.7~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion\", rpm:\"subversion~1.5.7~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-devel\", rpm:\"subversion-devel~1.5.7~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-doc\", 
rpm:\"subversion-doc~1.5.7~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-server\", rpm:\"subversion-server~1.5.7~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-tools\", rpm:\"subversion-tools~1.5.7~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"svn-javahl\", rpm:\"svn-javahl~1.5.7~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64svn0\", rpm:\"lib64svn0~1.5.7~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64svnjavahl0\", rpm:\"lib64svnjavahl0~1.5.7~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-18T11:05:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3315"], "description": "Check for the Version of subversion", "modified": "2018-01-17T00:00:00", "published": "2010-11-04T00:00:00", "id": "OPENVAS:1361412562310862480", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862480", "type": "openvas", "title": "Fedora Update for subversion FEDORA-2010-16136", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for subversion FEDORA-2010-16136\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License 
version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"subversion on Fedora 13\";\ntag_insight = \"Subversion is a concurrent version control system which enables one\n or more users to collaborate in developing and maintaining a\n hierarchy of files and directories while keeping a history of all\n changes. Subversion only stores the differences between versions,\n instead of every complete file. 
Subversion is intended to be a\n compelling replacement for CVS.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049883.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862480\");\n script_version(\"$Revision: 8440 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 08:58:46 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-04 12:09:38 +0100 (Thu, 04 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-16136\");\n script_cve_id(\"CVE-2010-3315\");\n script_name(\"Fedora Update for subversion FEDORA-2010-16136\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of subversion\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"subversion\", rpm:\"subversion~1.6.13~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.0, "vector": 
"AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-17T11:05:43", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3315"], "description": "Check for the Version of subversion", "modified": "2018-01-16T00:00:00", "published": "2010-12-02T00:00:00", "id": "OPENVAS:1361412562310862666", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862666", "type": "openvas", "title": "Fedora Update for subversion FEDORA-2010-16148", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for subversion FEDORA-2010-16148\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"subversion on Fedora 14\";\ntag_insight = \"Subversion is a concurrent version control system which enables one\n or more users to collaborate in developing and maintaining a\n hierarchy of files and directories while keeping a history of all\n changes. Subversion only stores the differences between versions,\n instead of every complete file. 
Subversion is intended to be a\n compelling replacement for CVS.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050025.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862666\");\n script_version(\"$Revision: 8438 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-16 18:38:23 +0100 (Tue, 16 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-02 08:39:14 +0100 (Thu, 02 Dec 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-16148\");\n script_cve_id(\"CVE-2010-3315\");\n script_name(\"Fedora Update for subversion FEDORA-2010-16148\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of subversion\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"subversion\", rpm:\"subversion~1.6.13~1.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.0, "vector": 
"AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-23T13:05:40", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3315"], "description": "Check for the Version of subversion", "modified": "2018-01-23T00:00:00", "published": "2010-11-04T00:00:00", "id": "OPENVAS:1361412562310862476", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862476", "type": "openvas", "title": "Fedora Update for subversion FEDORA-2010-16115", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for subversion FEDORA-2010-16115\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"subversion on Fedora 12\";\ntag_insight = \"Subversion is a concurrent version control system which enables one\n or more users to collaborate in developing and maintaining a\n hierarchy of files and directories while keeping a history of all\n changes. Subversion only stores the differences between versions,\n instead of every complete file. 
Subversion is intended to be a\n compelling replacement for CVS.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049898.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862476\");\n script_version(\"$Revision: 8495 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-23 08:57:49 +0100 (Tue, 23 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-04 12:09:38 +0100 (Thu, 04 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-16115\");\n script_cve_id(\"CVE-2010-3315\");\n script_name(\"Fedora Update for subversion FEDORA-2010-16115\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of subversion\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"subversion\", rpm:\"subversion~1.6.13~1.fc12.1\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.0, "vector": 
"AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:54:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3315"], "description": "Check for the Version of subversion", "modified": "2017-12-25T00:00:00", "published": "2010-11-04T00:00:00", "id": "OPENVAS:862476", "href": "http://plugins.openvas.org/nasl.php?oid=862476", "type": "openvas", "title": "Fedora Update for subversion FEDORA-2010-16115", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for subversion FEDORA-2010-16115\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"subversion on Fedora 12\";\ntag_insight = \"Subversion is a concurrent version control system which enables one\n or more users to collaborate in developing and maintaining a\n hierarchy of files and directories while keeping a history of all\n changes. Subversion only stores the differences between versions,\n instead of every complete file. 
Subversion is intended to be a\n compelling replacement for CVS.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049898.html\");\n script_id(862476);\n script_version(\"$Revision: 8243 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-25 07:30:04 +0100 (Mon, 25 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-04 12:09:38 +0100 (Thu, 04 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-16115\");\n script_cve_id(\"CVE-2010-3315\");\n script_name(\"Fedora Update for subversion FEDORA-2010-16115\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of subversion\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"subversion\", rpm:\"subversion~1.6.13~1.fc12.1\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": 
"2017-12-20T13:18:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3315"], "description": "Check for the Version of subversion", "modified": "2017-12-19T00:00:00", "published": "2010-12-02T00:00:00", "id": "OPENVAS:862666", "href": "http://plugins.openvas.org/nasl.php?oid=862666", "type": "openvas", "title": "Fedora Update for subversion FEDORA-2010-16148", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for subversion FEDORA-2010-16148\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"subversion on Fedora 14\";\ntag_insight = \"Subversion is a concurrent version control system which enables one\n or more users to collaborate in developing and maintaining a\n hierarchy of files and directories while keeping a history of all\n changes. Subversion only stores the differences between versions,\n instead of every complete file. 
Subversion is intended to be a\n compelling replacement for CVS.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050025.html\");\n script_id(862666);\n script_version(\"$Revision: 8164 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-19 07:30:41 +0100 (Tue, 19 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-02 08:39:14 +0100 (Thu, 02 Dec 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-16148\");\n script_cve_id(\"CVE-2010-3315\");\n script_name(\"Fedora Update for subversion FEDORA-2010-16148\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of subversion\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"subversion\", rpm:\"subversion~1.6.13~1.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": 
"2017-07-24T12:49:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3315"], "description": "The remote host is missing an update to subversion\nannounced via advisory DSA 2118-1.", "modified": "2017-07-07T00:00:00", "published": "2010-11-17T00:00:00", "id": "OPENVAS:68459", "href": "http://plugins.openvas.org/nasl.php?oid=68459", "type": "openvas", "title": "Debian Security Advisory DSA 2118-1 (subversion)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2118_1.nasl 6614 2017-07-07 12:09:12Z cfischer $\n# Description: Auto-generated from advisory DSA 2118-1 (subversion)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Kamesh Jayachandran and C. Michael Pilat discovered that the mod_dav_svn\nmodule of subversion, a version control system, is not properly enforcing\naccess rules which are scope-limited to named repositories. 
If the\nSVNPathAuthz option is set to short_circuit, this may enable an\nunprivileged attacker to bypass intended access restrictions and disclose\nor modify repository content.\n\nAs a workaround it is also possible to set SVNPathAuthz to on but be\nadvised that this can result in a performance decrease for large\nrepositories.\n\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.5.1dfsg1-5.\n\nFor the testing distribution (squeeze), this problem has been fixed in\nversion 1.6.12dfsg-2.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.6.12dfsg-2.\n\n\nWe recommend that you upgrade your subversion packages.\";\ntag_summary = \"The remote host is missing an update to subversion\nannounced via advisory DSA 2118-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202118-1\";\n\n\nif(description)\n{\n script_id(68459);\n script_version(\"$Revision: 6614 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:12 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-17 03:33:48 +0100 (Wed, 17 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2010-3315\");\n script_name(\"Debian Security Advisory DSA 2118-1 (subversion)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libsvn-doc\", ver:\"1.5.1dfsg1-5\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"subversion-tools\", ver:\"1.5.1dfsg1-5\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsvn-ruby\", ver:\"1.5.1dfsg1-5\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsvn-ruby1.8\", ver:\"1.5.1dfsg1-5\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"subversion\", ver:\"1.5.1dfsg1-5\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsvn1\", ver:\"1.5.1dfsg1-5\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapache2-svn\", ver:\"1.5.1dfsg1-5\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-subversion\", ver:\"1.5.1dfsg1-5\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsvn-perl\", ver:\"1.5.1dfsg1-5\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsvn-dev\", ver:\"1.5.1dfsg1-5\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsvn-java\", ver:\"1.5.1dfsg1-5\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", 
"cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-21T11:33:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3315"], "description": "Check for the Version of subversion", "modified": "2017-12-20T00:00:00", "published": "2010-11-04T00:00:00", "id": "OPENVAS:862480", "href": "http://plugins.openvas.org/nasl.php?oid=862480", "type": "openvas", "title": "Fedora Update for subversion FEDORA-2010-16136", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for subversion FEDORA-2010-16136\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"subversion on Fedora 13\";\ntag_insight = \"Subversion is a concurrent version control system which enables one\n or more users to collaborate in developing and maintaining a\n hierarchy of files and directories while keeping a history of all\n changes. Subversion only stores the differences between versions,\n instead of every complete file. 
Subversion is intended to be a\n compelling replacement for CVS.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049883.html\");\n script_id(862480);\n script_version(\"$Revision: 8186 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-20 07:30:34 +0100 (Wed, 20 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-04 12:09:38 +0100 (Thu, 04 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-16136\");\n script_cve_id(\"CVE-2010-3315\");\n script_name(\"Fedora Update for subversion FEDORA-2010-16136\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of subversion\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"subversion\", rpm:\"subversion~1.6.13~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": 
"2018-01-11T11:06:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4644", "CVE-2010-4539", "CVE-2010-3315"], "description": "Check for the Version of subversion", "modified": "2018-01-09T00:00:00", "published": "2012-06-05T00:00:00", "id": "OPENVAS:870654", "href": "http://plugins.openvas.org/nasl.php?oid=870654", "type": "openvas", "title": "RedHat Update for subversion RHSA-2011:0258-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for subversion RHSA-2011:0258-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Subversion (SVN) is a concurrent version control system which enables one\n or more users to collaborate in developing and maintaining a hierarchy of\n files and directories while keeping a history of all changes. The\n mod_dav_svn module is used with the Apache HTTP Server to allow access to\n Subversion repositories via HTTP.\n\n An access restriction bypass flaw was found in the mod_dav_svn module. 
If\n the SVNPathAuthz directive was set to "short_circuit", certain access rules\n were not enforced, possibly allowing sensitive repository data to be leaked\n to remote users. Note that SVNPathAuthz is set to "On" by default.\n (CVE-2010-3315)\n\n A server-side memory leak was found in the Subversion server. If a\n malicious, remote user performed "svn blame" or "svn log" operations on\n certain repository files, it could cause the Subversion server to consume\n a large amount of system memory. (CVE-2010-4644)\n\n A NULL pointer dereference flaw was found in the way the mod_dav_svn module\n processed certain requests. If a malicious, remote user issued a certain\n type of request to display a collection of Subversion repositories on a\n host that has the SVNListParentPath directive enabled, it could cause the\n httpd process serving the request to crash. Note that SVNListParentPath is\n not enabled by default. (CVE-2010-4539)\n\n All Subversion users should upgrade to these updated packages, which\n contain backported patches to correct these issues. After installing the\n updated packages, the Subversion server must be restarted for the update\n to take effect: restart httpd if you are using mod_dav_svn, or restart\n svnserve if it is used.\";\n\ntag_affected = \"subversion on Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 
6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2011-February/msg00014.html\");\n script_id(870654);\n script_version(\"$Revision: 8336 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-09 08:01:48 +0100 (Tue, 09 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-05 19:35:39 +0530 (Tue, 05 Jun 2012)\");\n script_cve_id(\"CVE-2010-3315\", \"CVE-2010-4539\", \"CVE-2010-4644\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_xref(name: \"RHSA\", value: \"2011:0258-01\");\n script_name(\"RedHat Update for subversion RHSA-2011:0258-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of subversion\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"mod_dav_svn\", rpm:\"mod_dav_svn~1.6.11~2.el6_0.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion\", rpm:\"subversion~1.6.11~2.el6_0.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-debuginfo\", 
rpm:\"subversion-debuginfo~1.6.11~2.el6_0.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"subversion-javahl\", rpm:\"subversion-javahl~1.6.11~2.el6_0.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:37", "bulletinFamily": "software", "cvelist": ["CVE-2010-3315"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2010:199\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n\r\n Package : subversion\r\n Date : October 12, 2010\r\n Affected: 2009.0, 2009.1, 2010.0, 2010.1, Corporate 4.0,\r\n Enterprise Server 5.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n A vulnerability was discovered and corrected in subversion:\r\n \r\n authz.c in the mod_dav_svn module for the Apache HTTP Server,\r\n as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x\r\n before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not\r\n properly handle a named repository as a rule scope, which allows\r\n remote authenticated users to bypass intended access restrictions\r\n via svn commands (CVE-2010-3315).\r\n \r\n Packages for 2009.0 are provided as of the Extended Maintenance\r\n Program. 
Please visit this link to learn more:\r\n http://store.mandriva.com/product_info.php?cPath=149&products_id=490\r\n \r\n The updated packages have been patched to correct this issue.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3315\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Linux 2009.0:\r\n 3c5262a04208c769fa100a2c37264909 2009.0/i586/apache-mod_dav_svn-1.5.7-0.2mdv2009.0.i586.rpm\r\n d4d0f1eb34518213d8fb71f6c639f2a0 2009.0/i586/apache-mod_dontdothat-1.5.7-0.2mdv2009.0.i586.rpm\r\n 3706eadcd645ff05210b2092a03d6e4d 2009.0/i586/libsvn0-1.5.7-0.2mdv2009.0.i586.rpm\r\n c594c657540168ba5988cb54ac948916 2009.0/i586/libsvnjavahl0-1.5.7-0.2mdv2009.0.i586.rpm\r\n 7a95024ebd0ef23308092938559e8adc 2009.0/i586/perl-SVN-1.5.7-0.2mdv2009.0.i586.rpm\r\n 3f5f72542cdc2426219c9d822a09447c 2009.0/i586/python-svn-1.5.7-0.2mdv2009.0.i586.rpm\r\n b62e8ef9ca026ff37eda18ffe8fc73fc 2009.0/i586/ruby-svn-1.5.7-0.2mdv2009.0.i586.rpm\r\n b0adcbc0ffcb59c8a8230c4c873e9789 2009.0/i586/subversion-1.5.7-0.2mdv2009.0.i586.rpm\r\n 3d54cf32b7ecf5ac32335aa858c4e7e1 2009.0/i586/subversion-devel-1.5.7-0.2mdv2009.0.i586.rpm\r\n 15bec29060ecee011910a48f94d6e2ee 2009.0/i586/subversion-doc-1.5.7-0.2mdv2009.0.i586.rpm\r\n b3a52aa4798730ef2e1ab781aa2f68cf 2009.0/i586/subversion-server-1.5.7-0.2mdv2009.0.i586.rpm\r\n 792f0462d19067e8264f06f80b48b439 2009.0/i586/subversion-tools-1.5.7-0.2mdv2009.0.i586.rpm\r\n 49f4a2cb2e79c4fe9961e3cc630ec453 2009.0/i586/svn-javahl-1.5.7-0.2mdv2009.0.i586.rpm \r\n e2b222a73619a793fbd8934328310f6c 2009.0/SRPMS/subversion-1.5.7-0.2mdv2009.0.src.rpm\r\n\r\n Mandriva Linux 2009.0/X86_64:\r\n 782d18c3b343df7fa726c396834eeb5a 2009.0/x86_64/apache-mod_dav_svn-1.5.7-0.2mdv2009.0.x86_64.rpm\r\n fbd9cc05b93883d9e3c630471b00e5bd 2009.0/x86_64/apache-mod_dontdothat-1.5.7-0.2mdv2009.0.x86_64.rpm\r\n 
04055b4d74b7097a3c234f6d7d9256a1 2009.0/x86_64/lib64svn0-1.5.7-0.2mdv2009.0.x86_64.rpm\r\n 1560a934628b787e0cd2d08acd12067c 2009.0/x86_64/lib64svnjavahl0-1.5.7-0.2mdv2009.0.x86_64.rpm\r\n 358f95e926e72678d765f57711af0606 2009.0/x86_64/perl-SVN-1.5.7-0.2mdv2009.0.x86_64.rpm\r\n c770bb63fa5ae12b57d6a9c7a36d1d12 2009.0/x86_64/python-svn-1.5.7-0.2mdv2009.0.x86_64.rpm\r\n f10301b8a525a295b4347ee131ee2e57 2009.0/x86_64/ruby-svn-1.5.7-0.2mdv2009.0.x86_64.rpm\r\n 943cebc4216b89f3282211c63023aeef 2009.0/x86_64/subversion-1.5.7-0.2mdv2009.0.x86_64.rpm\r\n 1f1c8a3ae2021b45af52cc719db230c6 2009.0/x86_64/subversion-devel-1.5.7-0.2mdv2009.0.x86_64.rpm\r\n 79086daec4cce2fd12591e4d19fd4ccd 2009.0/x86_64/subversion-doc-1.5.7-0.2mdv2009.0.x86_64.rpm\r\n 0da2869701ec437967bde60ddd052be3 2009.0/x86_64/subversion-server-1.5.7-0.2mdv2009.0.x86_64.rpm\r\n 6fc1972ec0ad9ccecabfe44043faecdb 2009.0/x86_64/subversion-tools-1.5.7-0.2mdv2009.0.x86_64.rpm\r\n cf00724b08eb63d974143590ce60f586 2009.0/x86_64/svn-javahl-1.5.7-0.2mdv2009.0.x86_64.rpm \r\n e2b222a73619a793fbd8934328310f6c 2009.0/SRPMS/subversion-1.5.7-0.2mdv2009.0.src.rpm\r\n\r\n Mandriva Linux 2009.1:\r\n e39eaf6afdb0701923943486ae6e3b90 2009.1/i586/apache-mod_dav_svn-1.6.4-0.2mdv2009.1.i586.rpm\r\n da23b78111e459494543a81ddc2c423b 2009.1/i586/apache-mod_dontdothat-1.6.4-0.2mdv2009.1.i586.rpm\r\n 9c5a0a18bfe6ffd57af3ada8f48d74e4 2009.1/i586/libsvn0-1.6.4-0.2mdv2009.1.i586.rpm\r\n cf4cd7e6f1bea4b768067f438be9a912 2009.1/i586/libsvnjavahl1-1.6.4-0.2mdv2009.1.i586.rpm\r\n 39c27856a9db53da369fa61647a70f56 2009.1/i586/perl-SVN-1.6.4-0.2mdv2009.1.i586.rpm\r\n 05efc5339b6d1ecd3707cfb07319706d 2009.1/i586/python-svn-1.6.4-0.2mdv2009.1.i586.rpm\r\n 8bc7dbeebd2e753c53da8c4cc6b9ebac 2009.1/i586/ruby-svn-1.6.4-0.2mdv2009.1.i586.rpm\r\n d76bde6bdd9b94926bbf4bcafc8af3e2 2009.1/i586/subversion-1.6.4-0.2mdv2009.1.i586.rpm\r\n caf3f9edf79f50c9bd96c037fe39a53a 2009.1/i586/subversion-devel-1.6.4-0.2mdv2009.1.i586.rpm\r\n 
dbd45bc646717381fd40371993298a1b 2009.1/i586/subversion-doc-1.6.4-0.2mdv2009.1.i586.rpm\r\n 9ae061ebfd979ec8495826369d14fd5c 2009.1/i586/subversion-server-1.6.4-0.2mdv2009.1.i586.rpm\r\n 252c4b029fea822025fb8d20add0adee 2009.1/i586/subversion-tools-1.6.4-0.2mdv2009.1.i586.rpm\r\n 14d5371c8b4d46a08c2ee79df2304f41 2009.1/i586/svn-javahl-1.6.4-0.2mdv2009.1.i586.rpm \r\n ff1b8a5544829f126329186ec12d4875 2009.1/SRPMS/subversion-1.6.4-0.2mdv2009.1.src.rpm\r\n\r\n Mandriva Linux 2009.1/X86_64:\r\n 8e17b9928d29c2084adbc674658636e2 2009.1/x86_64/apache-mod_dav_svn-1.6.4-0.2mdv2009.1.x86_64.rpm\r\n 60a3a7685b88a64ed1590b38b09938ef 2009.1/x86_64/apache-mod_dontdothat-1.6.4-0.2mdv2009.1.x86_64.rpm\r\n 1b3e3f85fc244857a0afb66616cd69d0 2009.1/x86_64/lib64svn0-1.6.4-0.2mdv2009.1.x86_64.rpm\r\n 708d1d19b17eb5773058ce0e78f9632f 2009.1/x86_64/lib64svnjavahl1-1.6.4-0.2mdv2009.1.x86_64.rpm\r\n 57c2dc1efd3c35cf23cbb5f7494873b9 2009.1/x86_64/perl-SVN-1.6.4-0.2mdv2009.1.x86_64.rpm\r\n 12b19235ebd7ea27eb9854cc55f50ccc 2009.1/x86_64/python-svn-1.6.4-0.2mdv2009.1.x86_64.rpm\r\n 842e0131f4073ca8a5eaaa2dc598c52e 2009.1/x86_64/ruby-svn-1.6.4-0.2mdv2009.1.x86_64.rpm\r\n 7e85dd8fd60b6c50d7f3eaf95ad51dfb 2009.1/x86_64/subversion-1.6.4-0.2mdv2009.1.x86_64.rpm\r\n a86dee6ed9bfc93764ef8e870cadf3e6 2009.1/x86_64/subversion-devel-1.6.4-0.2mdv2009.1.x86_64.rpm\r\n 34729241df3358f9e299bad96b06d95e 2009.1/x86_64/subversion-doc-1.6.4-0.2mdv2009.1.x86_64.rpm\r\n 335faf0ea95b901a6f0d21cdaa1c0fef 2009.1/x86_64/subversion-server-1.6.4-0.2mdv2009.1.x86_64.rpm\r\n 32b525c0637eb44eaa3706825fed6e2e 2009.1/x86_64/subversion-tools-1.6.4-0.2mdv2009.1.x86_64.rpm\r\n 1192b9164b2f4d85ea7c33d30e1779ab 2009.1/x86_64/svn-javahl-1.6.4-0.2mdv2009.1.x86_64.rpm \r\n ff1b8a5544829f126329186ec12d4875 2009.1/SRPMS/subversion-1.6.4-0.2mdv2009.1.src.rpm\r\n\r\n Mandriva Linux 2010.0:\r\n 99c687288b18d5bf933486b7e158d1e7 2010.0/i586/apache-mod_dav_svn-1.6.6-1.1mdv2010.0.i586.rpm\r\n 3de7ccc8c45b999088e7349475aad518 
2010.0/i586/apache-mod_dontdothat-1.6.6-1.1mdv2010.0.i586.rpm\r\n 5897c0fa307371128fa14fa3b4fa7f43 2010.0/i586/libsvn0-1.6.6-1.1mdv2010.0.i586.rpm\r\n ca12745cc221fdb82a4896f306cf9414 2010.0/i586/libsvnjavahl1-1.6.6-1.1mdv2010.0.i586.rpm\r\n a151af44f53a0474c17534249991778b 2010.0/i586/perl-SVN-1.6.6-1.1mdv2010.0.i586.rpm\r\n b8f6da238c045084e487e1cfeb336b5b 2010.0/i586/python-svn-1.6.6-1.1mdv2010.0.i586.rpm\r\n 5ff04878ac658d3d5a19ce973cdcafbb 2010.0/i586/ruby-svn-1.6.6-1.1mdv2010.0.i586.rpm\r\n 44ad9ac986b2b3c4a8defae754a37fa6 2010.0/i586/subversion-1.6.6-1.1mdv2010.0.i586.rpm\r\n 00e2729723f468b0590c3306d3115f24 2010.0/i586/subversion-devel-1.6.6-1.1mdv2010.0.i586.rpm\r\n 24263e73d11a483f8528f577ba22311d 2010.0/i586/subversion-doc-1.6.6-1.1mdv2010.0.i586.rpm\r\n aad180e325c9a55240d855d14b66f799 2010.0/i586/subversion-server-1.6.6-1.1mdv2010.0.i586.rpm\r\n a7d0f353bb808a1af8e9bcdb70ea907f 2010.0/i586/subversion-tools-1.6.6-1.1mdv2010.0.i586.rpm\r\n 6b1fc4a7368b262e33a99ddb7986abdc 2010.0/i586/svn-javahl-1.6.6-1.1mdv2010.0.i586.rpm \r\n 5d6e3c01f69829f89ad9bc817e867cf9 2010.0/SRPMS/subversion-1.6.6-1.1mdv2010.0.src.rpm\r\n\r\n Mandriva Linux 2010.0/X86_64:\r\n 1bd0d6b20bb39787f821f02b53f31cb9 2010.0/x86_64/apache-mod_dav_svn-1.6.6-1.1mdv2010.0.x86_64.rpm\r\n e12f933c4dc0efb64d2fd689cff7eea0 2010.0/x86_64/apache-mod_dontdothat-1.6.6-1.1mdv2010.0.x86_64.rpm\r\n ab8dc756649f98b8952fdfe81f63cbcd 2010.0/x86_64/lib64svn0-1.6.6-1.1mdv2010.0.x86_64.rpm\r\n 0aa69e3f4b43b05b5fa92f1a1692bda1 2010.0/x86_64/lib64svnjavahl1-1.6.6-1.1mdv2010.0.x86_64.rpm\r\n ce6fd874500fd1ff78e8d39786a62e4a 2010.0/x86_64/perl-SVN-1.6.6-1.1mdv2010.0.x86_64.rpm\r\n 8252da76eadd6822bab736358290c890 2010.0/x86_64/python-svn-1.6.6-1.1mdv2010.0.x86_64.rpm\r\n 58864cb8525bde5fae3c28b0c97a5d78 2010.0/x86_64/ruby-svn-1.6.6-1.1mdv2010.0.x86_64.rpm\r\n 8cbc9643a107691c4f3b41f98b201088 2010.0/x86_64/subversion-1.6.6-1.1mdv2010.0.x86_64.rpm\r\n 8df25d7f066c54ac9db6c935ffe5fb27 
2010.0/x86_64/subversion-devel-1.6.6-1.1mdv2010.0.x86_64.rpm\r\n 4122f02a48664ca9419e8ce8738fb07d 2010.0/x86_64/subversion-doc-1.6.6-1.1mdv2010.0.x86_64.rpm\r\n 0fb5fec52c9282c94d510781d298defb 2010.0/x86_64/subversion-server-1.6.6-1.1mdv2010.0.x86_64.rpm\r\n 645e551957606c826a9d1573e7485c67 2010.0/x86_64/subversion-tools-1.6.6-1.1mdv2010.0.x86_64.rpm\r\n 44be813269443b4a0dfb60031076146d 2010.0/x86_64/svn-javahl-1.6.6-1.1mdv2010.0.x86_64.rpm \r\n 5d6e3c01f69829f89ad9bc817e867cf9 2010.0/SRPMS/subversion-1.6.6-1.1mdv2010.0.src.rpm\r\n\r\n Mandriva Linux 2010.1:\r\n 42d7459fea154ec39a2807bb1a657cd4 2010.1/i586/apache-mod_dav_svn-1.6.11-2.1mdv2010.1.i586.rpm\r\n 65c84c8ee5256fd333cbf62a8b2a6db7 2010.1/i586/apache-mod_dontdothat-1.6.11-2.1mdv2010.1.i586.rpm\r\n 79e672bd7ba872bd0a71d15e26a029b7 2010.1/i586/libsvn0-1.6.11-2.1mdv2010.1.i586.rpm\r\n 2edbb9e94df0d1d432291609b973fe40 2010.1/i586/libsvn-gnome-keyring0-1.6.11-2.1mdv2010.1.i586.rpm\r\n cb5e95e8022b1505eef71c65e1ccf339 2010.1/i586/libsvnjavahl1-1.6.11-2.1mdv2010.1.i586.rpm\r\n 9abf9d63d0a22b6c33bf175e2f709437 2010.1/i586/libsvn-kwallet0-1.6.11-2.1mdv2010.1.i586.rpm\r\n f461a912eb355f94009e97be7ec256ae 2010.1/i586/perl-SVN-1.6.11-2.1mdv2010.1.i586.rpm\r\n 8456f47743b963025a8a31b5db26ae2c 2010.1/i586/python-svn-1.6.11-2.1mdv2010.1.i586.rpm\r\n 36744e76c75ef5ae796a43d5666a1be8 2010.1/i586/ruby-svn-1.6.11-2.1mdv2010.1.i586.rpm\r\n ba73bc91d372276968ac5e95483a4d7a 2010.1/i586/subversion-1.6.11-2.1mdv2010.1.i586.rpm\r\n 65bb2df9b99c809325644a0aef94693d 2010.1/i586/subversion-devel-1.6.11-2.1mdv2010.1.i586.rpm\r\n 9c2d140f1aa25aef3b1bd1a8cf072bd5 2010.1/i586/subversion-doc-1.6.11-2.1mdv2010.1.i586.rpm\r\n aa62b384e5385862c48a4caf50c2b82b 2010.1/i586/subversion-server-1.6.11-2.1mdv2010.1.i586.rpm\r\n f75819bd31ab3dd4e804fd653c2a58c3 2010.1/i586/subversion-tools-1.6.11-2.1mdv2010.1.i586.rpm\r\n 63e0972b969a9ee5437b419b76783598 2010.1/i586/svn-javahl-1.6.11-2.1mdv2010.1.i586.rpm \r\n ee4eed36aede227bd3bebf71a25200d0 
2010.1/SRPMS/subversion-1.6.11-2.1mdv2010.1.src.rpm\r\n\r\n Mandriva Linux 2010.1/X86_64:\r\n 1a8e905eda84d17ee2311e7a8c23f0f7 2010.1/x86_64/apache-mod_dav_svn-1.6.11-2.1mdv2010.1.x86_64.rpm\r\n ac3a2c204f2adf3060f3b6eaee3c6f1d 2010.1/x86_64/apache-mod_dontdothat-1.6.11-2.1mdv2010.1.x86_64.rpm\r\n 969d6b1794d5c80677639650e94e15d2 2010.1/x86_64/lib64svn0-1.6.11-2.1mdv2010.1.x86_64.rpm\r\n f46e97cc23d0a070915396d04968118a 2010.1/x86_64/lib64svn-gnome-keyring0-1.6.11-2.1mdv2010.1.x86_64.rpm\r\n 2a9bd2ef1072751d03adbcf477a7d912 2010.1/x86_64/lib64svnjavahl1-1.6.11-2.1mdv2010.1.x86_64.rpm\r\n 50ea1454a280964366de94d9652127ba 2010.1/x86_64/lib64svn-kwallet0-1.6.11-2.1mdv2010.1.x86_64.rpm\r\n 28542544589237c094fe90634709cc74 2010.1/x86_64/perl-SVN-1.6.11-2.1mdv2010.1.x86_64.rpm\r\n 85c2166cab24af496209d20e4593d0db 2010.1/x86_64/python-svn-1.6.11-2.1mdv2010.1.x86_64.rpm\r\n 7eb1f8bdd24e9fc86dd99c823c277e59 2010.1/x86_64/ruby-svn-1.6.11-2.1mdv2010.1.x86_64.rpm\r\n 94a6b24c6e0256227c91bfc157f04efa 2010.1/x86_64/subversion-1.6.11-2.1mdv2010.1.x86_64.rpm\r\n cee6b5de89a20966f90d22304d34e6c1 2010.1/x86_64/subversion-devel-1.6.11-2.1mdv2010.1.x86_64.rpm\r\n 9660eb2151c3468ddaf00706dbf525d3 2010.1/x86_64/subversion-doc-1.6.11-2.1mdv2010.1.x86_64.rpm\r\n 1fb399afb82e85fac6f8e07ff88f93b9 2010.1/x86_64/subversion-server-1.6.11-2.1mdv2010.1.x86_64.rpm\r\n 7ca5b863f8299ba4f095355766b02831 2010.1/x86_64/subversion-tools-1.6.11-2.1mdv2010.1.x86_64.rpm\r\n ed509f25ad2e29724187b5246f85e6fc 2010.1/x86_64/svn-javahl-1.6.11-2.1mdv2010.1.x86_64.rpm \r\n ee4eed36aede227bd3bebf71a25200d0 2010.1/SRPMS/subversion-1.6.11-2.1mdv2010.1.src.rpm\r\n\r\n Corporate 4.0:\r\n a020ccb39f72dac6f7279dd3c22ef391 corporate/4.0/i586/apache-mod_dav_svn-1.5.7-0.2.20060mlcs4.i586.rpm\r\n c0f2cfc9f68c3b5c61c1ee632fccc565 \r\ncorporate/4.0/i586/apache-mod_dontdothat-1.5.7-0.2.20060mlcs4.i586.rpm\r\n a4142a61e523966958aa1082c845b879 corporate/4.0/i586/libsvn0-1.5.7-0.2.20060mlcs4.i586.rpm\r\n 
b8c26557c83c484605294b0f26a7f4ed corporate/4.0/i586/perl-SVN-1.5.7-0.2.20060mlcs4.i586.rpm\r\n 00e107e0b5c868feaf6c880c14cea2fc corporate/4.0/i586/python-svn-1.5.7-0.2.20060mlcs4.i586.rpm\r\n d2d2f8a6c6b8dc1095adb23b82b502e9 corporate/4.0/i586/subversion-1.5.7-0.2.20060mlcs4.i586.rpm\r\n e4a6107c17127cd48445ded0c2d98891 corporate/4.0/i586/subversion-devel-1.5.7-0.2.20060mlcs4.i586.rpm\r\n 4bd455d7d653214417c0369aae07e452 corporate/4.0/i586/subversion-doc-1.5.7-0.2.20060mlcs4.i586.rpm\r\n ab8e1bdd29ccd045337c29aca4188668 corporate/4.0/i586/subversion-server-1.5.7-0.2.20060mlcs4.i586.rpm\r\n fa25f715002c5aa1a1bd9cf22ebfab11 corporate/4.0/i586/subversion-tools-1.5.7-0.2.20060mlcs4.i586.rpm \r\n 42c3bfb5bb7ba77736a871fda677a19a corporate/4.0/SRPMS/subversion-1.5.7-0.2.20060mlcs4.src.rpm\r\n\r\n Corporate 4.0/X86_64:\r\n e706b6adb34deb64a22adac015d46187 \r\ncorporate/4.0/x86_64/apache-mod_dav_svn-1.5.7-0.2.20060mlcs4.x86_64.rpm\r\n 9f67a36508b4ea03f201f59d1acf296d \r\ncorporate/4.0/x86_64/apache-mod_dontdothat-1.5.7-0.2.20060mlcs4.x86_64.rpm\r\n 58787620e2e1b79d859a2c30eb575108 corporate/4.0/x86_64/lib64svn0-1.5.7-0.2.20060mlcs4.x86_64.rpm\r\n 96c63df91b67dea7054ca43de43181a1 corporate/4.0/x86_64/perl-SVN-1.5.7-0.2.20060mlcs4.x86_64.rpm\r\n 80e4a08e41f6a0e19b43be2cc2a70aba corporate/4.0/x86_64/python-svn-1.5.7-0.2.20060mlcs4.x86_64.rpm\r\n 3b1023e45da03fd858aebd7b70c7343d corporate/4.0/x86_64/subversion-1.5.7-0.2.20060mlcs4.x86_64.rpm\r\n 816543f208f764d9af746c3d6c321f0b \r\ncorporate/4.0/x86_64/subversion-devel-1.5.7-0.2.20060mlcs4.x86_64.rpm\r\n cdbc12b4b205746d741442e7e78b0c5e corporate/4.0/x86_64/subversion-doc-1.5.7-0.2.20060mlcs4.x86_64.rpm\r\n 55d864596b6dac6b417a74b437f8ace5 \r\ncorporate/4.0/x86_64/subversion-server-1.5.7-0.2.20060mlcs4.x86_64.rpm\r\n 0dcbb12ba9e9d6c608fa8b170eacf228 \r\ncorporate/4.0/x86_64/subversion-tools-1.5.7-0.2.20060mlcs4.x86_64.rpm \r\n 42c3bfb5bb7ba77736a871fda677a19a corporate/4.0/SRPMS/subversion-1.5.7-0.2.20060mlcs4.src.rpm\r\n\r\n 
Mandriva Enterprise Server 5:\r\n 6fd50e1e81bf28aa82b84359cb123fd8 mes5/i586/apache-mod_dav_svn-1.5.7-0.2mdvmes5.1.i586.rpm\r\n 40daadab78bf82a05f3f8edd7067a8a9 mes5/i586/apache-mod_dontdothat-1.5.7-0.2mdvmes5.1.i586.rpm\r\n 60e217b1c7fe641096215fc5dd6a806d mes5/i586/libsvn0-1.5.7-0.2mdvmes5.1.i586.rpm\r\n d5c2b339b404200405d68b302978c34f mes5/i586/libsvnjavahl0-1.5.7-0.2mdvmes5.1.i586.rpm\r\n f88e03038355b0d2ceeadb5e473aa5f5 mes5/i586/perl-SVN-1.5.7-0.2mdvmes5.1.i586.rpm\r\n 95f81074beac1cb3410a763dc799a66c mes5/i586/python-svn-1.5.7-0.2mdvmes5.1.i586.rpm\r\n 5a8421023ff926957a57d5e71c5bc7cc mes5/i586/ruby-svn-1.5.7-0.2mdvmes5.1.i586.rpm\r\n 1ab066d0855ad026d4b9f0d79503d9e4 mes5/i586/subversion-1.5.7-0.2mdvmes5.1.i586.rpm\r\n 8b641936531ce12d28959a5e4fe25635 mes5/i586/subversion-devel-1.5.7-0.2mdvmes5.1.i586.rpm\r\n bdb58e9ea925a10e0e5b494a0f4b2ce7 mes5/i586/subversion-doc-1.5.7-0.2mdvmes5.1.i586.rpm\r\n 1c3907715048860f7cf5a43b8ef9992a mes5/i586/subversion-server-1.5.7-0.2mdvmes5.1.i586.rpm\r\n 3188b7d3ea60c0cabdc599e4e5ac3ddb mes5/i586/subversion-tools-1.5.7-0.2mdvmes5.1.i586.rpm\r\n 647a5b5429a4e9e6d1e9102f1d7d8199 mes5/i586/svn-javahl-1.5.7-0.2mdvmes5.1.i586.rpm \r\n 5a74945228808533a38d5d792e50da8b mes5/SRPMS/subversion-1.5.7-0.2mdvmes5.1.src.rpm\r\n\r\n Mandriva Enterprise Server 5/X86_64:\r\n 2c04605b99cd58d733f307e593936803 mes5/x86_64/apache-mod_dav_svn-1.5.7-0.2mdvmes5.1.x86_64.rpm\r\n 7ef8cec4c8ebc41bdb4eb7e1823823ef mes5/x86_64/apache-mod_dontdothat-1.5.7-0.2mdvmes5.1.x86_64.rpm\r\n 9e4b8eb35e8f48c7671741745c6e3408 mes5/x86_64/lib64svn0-1.5.7-0.2mdvmes5.1.x86_64.rpm\r\n 593df331aa4d6e21e6f22571998a77b3 mes5/x86_64/lib64svnjavahl0-1.5.7-0.2mdvmes5.1.x86_64.rpm\r\n 84a67e7ecdb473b3d6cef4acc911a911 mes5/x86_64/perl-SVN-1.5.7-0.2mdvmes5.1.x86_64.rpm\r\n ef199d6cf6cb53272ab74d8f8d97a6de mes5/x86_64/python-svn-1.5.7-0.2mdvmes5.1.x86_64.rpm\r\n 2caf61fd0d8cc537f891a184a45fe44f mes5/x86_64/ruby-svn-1.5.7-0.2mdvmes5.1.x86_64.rpm\r\n 
d1e158be8311c51a8a403671b87351c3 mes5/x86_64/subversion-1.5.7-0.2mdvmes5.1.x86_64.rpm\r\n 93e250d8334e8267a41a2a90c687a6a9 mes5/x86_64/subversion-devel-1.5.7-0.2mdvmes5.1.x86_64.rpm\r\n 59bcd7a8ab4ad7c3f3f2a5383ebaecd3 mes5/x86_64/subversion-doc-1.5.7-0.2mdvmes5.1.x86_64.rpm\r\n ce4e2f28ee559369c88e1a1d928ba89f mes5/x86_64/subversion-server-1.5.7-0.2mdvmes5.1.x86_64.rpm\r\n 53160bd8e8a85e2d13bae8d8410d0192 mes5/x86_64/subversion-tools-1.5.7-0.2mdvmes5.1.x86_64.rpm\r\n d32ba80ae1c0bd6897dfbba94f118eff mes5/x86_64/svn-javahl-1.5.7-0.2mdvmes5.1.x86_64.rpm \r\n 5a74945228808533a38d5d792e50da8b mes5/SRPMS/subversion-1.5.7-0.2mdvmes5.1.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (GNU/Linux)\r\n\r\niD8DBQFMtGN1mqjQ0CJFipgRAgEoAKDc77ocSUrSfloIU6ZwbzMfRFnKtgCg1NJ6\r\nlbaT2PRWlh50I2k7g4BKa9o=\r\n=0oV+\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2010-10-13T00:00:00", "published": "2010-10-13T00:00:00", "id": "SECURITYVULNS:DOC:24906", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:24906", "title": "[ MDVSA-2010:199 ] subversion", "type": "securityvulns", "cvss": {"score": 6.0, "vector": 
"AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:38", "bulletinFamily": "software", "cvelist": ["CVE-2010-3315"], "description": "PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.", "edition": 1, "modified": "2010-10-13T00:00:00", "published": "2010-10-13T00:00:00", "id": "SECURITYVULNS:VULN:11199", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11199", "title": "Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:39", "bulletinFamily": "software", "cvelist": ["CVE-2011-0187", "CVE-2010-4008", "CVE-2011-0181", "CVE-2011-0174", "CVE-2011-0186", "CVE-2011-0182", "CVE-2011-0173", "CVE-2011-0188", "CVE-2011-0176", "CVE-2010-1324", "CVE-2010-4020", "CVE-2010-4261", "CVE-2010-3802", "CVE-2010-3089", "CVE-2011-0175", "CVE-2006-7243", "CVE-2010-3436", "CVE-2011-0189", "CVE-2010-4021", "CVE-2011-0180", "CVE-2010-3870", "CVE-2011-0184", "CVE-2011-0190", "CVE-2011-0179", "CVE-2011-0170", "CVE-2010-4009", "CVE-2010-3801", "CVE-2010-2068", "CVE-2011-0191", "CVE-2011-0178", "CVE-2010-0405", "CVE-2011-1417", "CVE-2011-0194", "CVE-2010-3315", "CVE-2010-1452", "CVE-2010-4479", "CVE-2010-3709", "CVE-2011-0172", "CVE-2011-0193", "CVE-2010-4494", "CVE-2011-0177", "CVE-2010-3710", "CVE-2010-3855", "CVE-2010-4150", "CVE-2010-2950", "CVE-2010-3814", "CVE-2010-4409", "CVE-2010-4260", "CVE-2010-1323", "CVE-2010-3434", "CVE-2010-3069", "CVE-2011-0192", "CVE-2011-0183"], "description": "About the security content of Mac OS X v10.6.7 and Security Update 2011-001\r\n\r\n Last Modified: March 21, 2011\r\n Article: HT4581\r\n\r\nEmail this article\r\nPrint this page\r\nSummary\r\n\r\nThis document describes the security content of Mac OS X v10.6.7 and Security Update 2011-001, which can 
be downloaded and installed via Software Update preferences, or from Apple Downloads.\r\n\r\nFor the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.\r\n\r\nFor information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."\r\n\r\nWhere possible, CVE IDs are used to reference the vulnerabilities for further information.\r\n\r\nTo learn about other Security Updates, see "Apple Security Updates."\r\nProducts Affected\r\n\r\nMac OS X 10.6, Product Security\r\nMac OS X v10.6.7 and Security Update 2011-001\r\n\r\n AirPort\r\n\r\n Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: When connected to Wi-Fi, an attacker on the same network may be able to cause a system reset\r\n\r\n Description: A divide by zero issue existed in the handling of Wi-Fi frames. When connected to Wi-Fi, an attacker on the same network may be able to cause a system reset. This issue does not affect systems prior to Mac OS X v10.6.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0172\r\n\r\n Apache\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: Multiple vulnerabilities in Apache 2.2.15\r\n\r\n Description: Apache is updated to version 2.2.17 to address several vulnerabilities, the most serious of which may lead to a denial of service. 
Further information is available via the Apache web site at http://httpd.apache.org/\r\n\r\n CVE-ID\r\n\r\n CVE-2010-1452\r\n\r\n CVE-2010-2068\r\n\r\n AppleScript\r\n\r\n Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: Running an AppleScript Studio-based application that allows untrusted input to be passed to a dialog may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A format string issue existed in AppleScript Studio's generic dialog commands ("display dialog" and "display alert"). Running an AppleScript Studio-based application that allows untrusted input to be passed to a dialog may lead to an unexpected application termination or arbitrary code execution.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0173 : Alexander Strange\r\n\r\n ATS\r\n\r\n Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution\r\n\r\n Description: A heap buffer overflow issue existed in the handling of OpenType fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0174\r\n\r\n ATS\r\n\r\n Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution\r\n\r\n Description: Multiple buffer overflow issues existed in the handling of TrueType fonts. 
Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0175 : Christoph Diehl of Mozilla, Felix Grobert of the Google Security Team, Marc Schoenefeld of Red Hat Security Response Team, Tavis Ormandy and Will Drewry of Google Security Team\r\n\r\n ATS\r\n\r\n Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution\r\n\r\n Description: Multiple buffer overflow issues existed in the handling of Type 1 fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0176 : Felix Grobert of the Google Security Team, geekable working with TippingPoint's Zero Day Initiative\r\n\r\n ATS\r\n\r\n Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution\r\n\r\n Description: Multiple buffer overflow issues existed in the handling of SFNT tables. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0177 : Marc Schoenefeld of Red Hat Security Response Team\r\n\r\n bzip2\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: Using the command line bzip2 or bunzip2 tool to decompress a bzip2 file may result in an unexpected application termination or arbitrary code execution\r\n\r\n Description: An integer overflow issue existed in bzip2's handling of bzip2 compressed files. 
Using the command line bzip2 or bunzip2 tool to decompress a bzip2 file may result in an unexpected application termination or arbitrary code execution.\r\n\r\n CVE-ID\r\n\r\n CVE-2010-0405\r\n\r\n CarbonCore\r\n\r\n Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: Applications that use FSFindFolder() with the kTemporaryFolderType flag may be vulnerable to a local information disclosure\r\n\r\n Description: When used with the kTemporaryFolderType flag, the FSFindFolder() API returns a directory that is world readable. This issue is addressed by returning a directory that is only readable by the user that the process is running as.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0178\r\n\r\n ClamAV\r\n\r\n Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6.6\r\n\r\n Impact: Multiple vulnerabilities in ClamAV\r\n\r\n Description: Multiple vulnerabilities exist in ClamAV, the most serious of which may lead to arbitrary code execution. This update addresses the issues by updating ClamAV to version 0.96.5. ClamAV is distributed only with Mac OS X Server systems. Further information is available via the ClamAV website at http://www.clamav.net/\r\n\r\n CVE-ID\r\n\r\n CVE-2010-0405\r\n\r\n CVE-2010-3434\r\n\r\n CVE-2010-4260\r\n\r\n CVE-2010-4261\r\n\r\n CVE-2010-4479\r\n\r\n CoreText\r\n\r\n Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution\r\n\r\n Description: A memory corruption issue existed in CoreText's handling of font files. 
Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0179 : Christoph Diehl of Mozilla\r\n\r\n File Quarantine\r\n\r\n Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: Definition added\r\n\r\n Description: The OSX.OpinionSpy definition has been added to the malware check within File Quarantine.\r\n\r\n HFS\r\n\r\n Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: A local user may be able to read arbitrary files from an HFS, HFS+, or HFS+J filesystem\r\n\r\n Description: An integer overflow issue existed in the handling of the F_READBOOTSTRAP ioctl. A local user may be able to read arbitrary files from an HFS, HFS+, or HFS+J filesystem.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0180 : Dan Rosenberg of Virtual Security Research\r\n\r\n ImageIO\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A heap buffer overflow issue existed in ImageIO's handling of JPEG images. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.\r\n\r\n \r\n\r\n CVE-ID\r\n\r\n CVE-2011-0170 : Andrzej Dyjak working with iDefense VCP\r\n\r\n ImageIO\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: Viewing a maliciously crafted XBM image may result in an unexpected application termination or arbitrary code execution\r\n\r\n Description: An integer overflow issue existed in ImageIO's handling of XBM images. 
Viewing a maliciously crafted XBM image may result in an unexpected application termination or arbitrary code execution.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0181 : Harry Sintonen\r\n\r\n ImageIO\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution\r\n\r\n Description: A buffer overflow existed in libTIFF's handling of JPEG encoded TIFF images. Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0191 : Apple\r\n\r\n ImageIO\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution\r\n\r\n Description: A buffer overflow existed in libTIFF's handling of CCITT Group 4 encoded TIFF images. Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0192 : Apple\r\n\r\n ImageIO\r\n\r\n Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: Viewing a maliciously crafted JPEG-encoded TIFF image may result in an unexpected application termination or arbitrary code execution\r\n\r\n Description: An integer overflow issue existed in ImageIO's handling of JPEG-encoded TIFF images. Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution. 
This issue does not affect systems prior to Mac OS X v10.6.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0194 : Dominic Chell of NGS Secure\r\n\r\n Image RAW\r\n\r\n Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: Viewing a maliciously crafted Canon RAW image may result in an unexpected application termination or arbitrary code execution\r\n\r\n Description: Multiple buffer overflow issues existed in Image RAW's handling of Canon RAW images. Viewing a maliciously crafted Canon RAW image may result in an unexpected application termination or arbitrary code execution.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0193 : Paul Harrington of NGS Secure\r\n\r\n Installer\r\n\r\n Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: Visiting a maliciously crafted website may lead to the installation of an agent that contacts an arbitrary server when the user logs in, and mislead the user into thinking that the connection is with Apple\r\n\r\n Description: A URL processing issue in Install Helper may lead to the installation of an agent that contacts an arbitrary server when the user logs in. The dialog resulting from a connection failure may lead the user to believe that the connection was attempted with Apple. This issue is addressed by removing Install Helper.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0190 : Aaron Sigel of vtty.com\r\n\r\n Kerberos\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: Multiple vulnerabilities in MIT Kerberos 5\r\n\r\n Description: Multiple cryptographic issues existed in MIT Kerberos 5. Only CVE-2010-1323 affects Mac OS X v10.5. 
Further information on the issues and the patches applied is available via the MIT Kerberos website at http://web.mit.edu/Kerberos/\r\n\r\n CVE-ID\r\n\r\n CVE-2010-1323\r\n\r\n CVE-2010-1324\r\n\r\n CVE-2010-4020\r\n\r\n CVE-2010-4021\r\n\r\n Kernel\r\n\r\n Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: A local user may be able to execute arbitrary code with system privileges\r\n\r\n Description: A privilege checking issue existed in the i386_set_ldt system call's handling of call gates. A local user may be able to execute arbitrary code with system privileges. This issue is addressed by disallowing creation of call gate entries via i386_set_ldt().\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0182 : Jeff Mears\r\n\r\n Libinfo\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: A remote attacker may be able to cause a denial of service on hosts that export NFS file systems\r\n\r\n Description: An integer truncation issue existed in Libinfo's handling of NFS RPC packets. A remote attacker may be able to cause NFS RPC services such as lockd, statd, mountd, and portmap to become unresponsive.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0183 : Peter Schwenk of the University of Delaware\r\n\r\n libxml\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue existed in libxml's XPath handling. 
Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.\r\n\r\n CVE-ID\r\n\r\n CVE-2010-4008 : Bui Quang Minh from Bkis (www.bkis.com)\r\n\r\n libxml\r\n\r\n Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A double free issue existed in libxml's handling of XPath expressions. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue does not affect systems prior to Mac OS X v10.6.\r\n\r\n CVE-ID\r\n\r\n CVE-2010-4494 : Yang Dingning of NCNIPC, Graduate University of Chinese Academy of Sciences\r\n\r\n Mailman\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: Multiple vulnerabilities in Mailman 2.1.13\r\n\r\n Description: Multiple cross-site scripting issues existed in Mailman 2.1.13. These issues are addressed by updating Mailman to version 2.1.14. Further information is available via the Mailman site at http://mail.python.org/pipermail/mailman-announce/2010-September/000154.html\r\n\r\n CVE-ID\r\n\r\n CVE-2010-3089\r\n\r\n PHP\r\n\r\n Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: Multiple vulnerabilities in PHP 5.3.3\r\n\r\n Description: PHP is updated to version 5.3.4 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. 
Further information is available via the PHP website at http://www.php.net/\r\n\r\n CVE-ID\r\n\r\n CVE-2006-7243\r\n\r\n CVE-2010-2950\r\n\r\n CVE-2010-3709\r\n\r\n CVE-2010-3710\r\n\r\n CVE-2010-3870\r\n\r\n CVE-2010-4150\r\n\r\n CVE-2010-4409\r\n\r\n PHP\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\r\n\r\n Impact: Multiple vulnerabilities in PHP 5.2.14\r\n\r\n Description: PHP is updated to version 5.2.15 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the PHP website at http://www.php.net/\r\n\r\n CVE-ID\r\n\r\n CVE-2010-3436\r\n\r\n CVE-2010-3709\r\n\r\n CVE-2010-4150\r\n\r\n QuickLook\r\n\r\n Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: Downloading a maliciously crafted Excel file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue existed in QuickLook's handling of Excel files. Downloading a maliciously crafted Excel file may lead to an unexpected application termination or arbitrary code execution. This issue does not affect systems prior to Mac OS X v10.6.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0184 : Tobias Klein working with Verisign iDefense Labs\r\n\r\n QuickLook\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue existed in QuickLook's handling of Microsoft Office files. 
Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-1417 : Charlie Miller and Dion Blazakis, working with TippingPoint's Zero Day Initiative\r\n\r\n QuickTime\r\n\r\n Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: Viewing a maliciously crafted JPEG2000 image with QuickTime may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: Multiple memory corruption issues existed in QuickTime's handling of JPEG2000 images. Viewing a maliciously crafted JPEG2000 image with QuickTime may lead to an unexpected application termination or arbitrary code execution.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0186 : Will Dormann of the CERT/CC\r\n\r\n QuickTime\r\n\r\n Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An integer overflow existed in QuickTime's handling of movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.5 this issue was addressed in QuickTime 7.6.9.\r\n\r\n CVE-ID\r\n\r\n CVE-2010-4009 : Honggang Ren of Fortinet's FortiGuard Labs\r\n\r\n QuickTime\r\n\r\n Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: Viewing a maliciously crafted FlashPix image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue existed in QuickTime's handling of FlashPix images. Viewing a maliciously crafted FlashPix image may lead to an unexpected application termination or arbitrary code execution. 
For Mac OS X v10.5 this issue was addressed in QuickTime 7.6.9.\r\n\r\n CVE-ID\r\n\r\n CVE-2010-3801 : Damian Put working with TippingPoint's Zero Day Initiative, and Rodrigo Rubira Branco from the Check Point Vulnerability Discovery Team\r\n\r\n QuickTime\r\n\r\n Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: Visiting a maliciously crafted website may lead to the disclosure of video data from another site\r\n\r\n Description: A cross-origin issue existed in QuickTime plug-in's handling of cross-site redirects. Visiting a maliciously crafted website may lead to the disclosure of video data from another site. This issue is addressed by preventing QuickTime from following cross-site redirects.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0187 : Nirankush Panchbhai and Microsoft Vulnerability Research (MSVR)\r\n\r\n QuickTime\r\n\r\n Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: Viewing a maliciously crafted QTVR movie file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue existed in QuickTime's handling of panorama atoms in QTVR (QuickTime Virtual Reality) movie files. Viewing a maliciously crafted QTVR movie file may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.5 this issue was addressed in QuickTime 7.6.9.\r\n\r\n CVE-ID\r\n\r\n CVE-2010-3802 : an anonymous researcher working with TippingPoint's Zero Day Initiative\r\n\r\n Ruby\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: Running a Ruby script that uses untrusted input to create a BigDecimal object may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An integer truncation issue existed in Ruby's BigDecimal class. 
Running a Ruby script that uses untrusted input to create a BigDecimal object may lead to an unexpected application termination or arbitrary code execution. This issue only affects 64-bit Ruby processes.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0188 : Apple\r\n\r\n Samba\r\n\r\n Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: If SMB file sharing is enabled, a remote attacker may cause a denial of service or arbitrary code execution\r\n\r\n Description: A stack buffer overflow existed in Samba's handling of Windows Security IDs. If SMB file sharing is enabled, a remote attacker may cause a denial of service or arbitrary code execution.\r\n\r\n CVE-ID\r\n\r\n CVE-2010-3069\r\n\r\n Subversion\r\n\r\n Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: Subversion servers that use the non-default "SVNPathAuthz short_circuit" mod_dav_svn configuration setting may allow unauthorized users to access portions of the repository\r\n\r\n Description: Subversion servers that use the non-default "SVNPathAuthz short_circuit" mod_dav_svn configuration setting may allow unauthorized users to access portions of the repository. This issue is addressed by updating Subversion to version 1.6.13. This issue does not affect systems prior to Mac OS X v10.6.\r\n\r\n CVE-ID\r\n\r\n CVE-2010-3315\r\n\r\n Terminal\r\n\r\n Available for: Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: When ssh is used in Terminal's "New Remote Connection" dialog, SSH version 1 is selected as the default protocol version\r\n\r\n Description: When ssh is used in Terminal's "New Remote Connection" dialog, SSH version 1 is selected as the default protocol version. This issue is addressed by changing the default protocol version to "Automatic". 
This issue does not affect systems prior to Mac OS X v10.6.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0189 : Matt Warren of HNW Inc.\r\n\r\n X11\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6\r\n\r\n Impact: Multiple vulnerabilities in FreeType\r\n\r\n Description: Multiple vulnerabilities existed in FreeType, the most serious of which may lead to arbitrary code execution when processing a maliciously crafted font. These issues are addressed by updating FreeType to version 2.4.3. Further information is available via the FreeType site at http://www.freetype.org/\r\n\r\n CVE-ID\r\n\r\n CVE-2010-3814\r\n\r\n CVE-2010-3855\r\n", "edition": 1, "modified": "2011-03-23T00:00:00", "published": "2011-03-23T00:00:00", "id": "SECURITYVULNS:DOC:25963", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:25963", "title": "About the security content of Mac OS X v10.6.7 and Security Update 2011-001", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:41", "bulletinFamily": "software", "cvelist": ["CVE-2011-0187", "CVE-2010-4008", "CVE-2011-0181", "CVE-2011-0174", "CVE-2011-0186", "CVE-2011-0182", "CVE-2011-0173", "CVE-2011-0188", "CVE-2011-0176", "CVE-2010-1324", "CVE-2010-4020", "CVE-2010-4261", "CVE-2010-3802", "CVE-2010-3089", "CVE-2011-0175", "CVE-2006-7243", "CVE-2010-3436", "CVE-2011-0189", "CVE-2010-4021", "CVE-2011-0180", "CVE-2010-3870", "CVE-2011-0184", "CVE-2011-0190", "CVE-2011-0179", "CVE-2011-0170", "CVE-2010-4009", "CVE-2010-3801", "CVE-2010-2068", "CVE-2011-0191", "CVE-2011-0178", "CVE-2010-0405", "CVE-2011-1417", "CVE-2011-0194", "CVE-2010-3315", "CVE-2010-1452", "CVE-2010-4479", "CVE-2010-3709", "CVE-2011-0172", "CVE-2011-0193", "CVE-2011-0200", "CVE-2010-4494", "CVE-2011-0177", "CVE-2010-3710", "CVE-2010-3855", "CVE-2010-4150", "CVE-2010-2950", "CVE-2010-3814", 
"CVE-2010-4409", "CVE-2010-4260", "CVE-2010-1323", "CVE-2010-3434", "CVE-2010-3069", "CVE-2011-0192", "CVE-2011-0183"], "description": "Multiple DoS conditions, format strings vulnerability in AppleScript, memory corruption on different file formats parsing, information leakage, privilege escalation.", "edition": 1, "modified": "2011-03-23T00:00:00", "published": "2011-03-23T00:00:00", "id": "SECURITYVULNS:VULN:11518", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11518", "title": "Apple Mac OS X multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2020-11-11T13:18:34", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3315"], "description": "Peter Samuelson uploaded new packages for subversion which fixed the\nfollowing security problems:\n\nCVE-2010-3315\n When "SVNPathAuthz short_circuit" is enabled, authz authentication in\n the mod_dav_svn module for the Apache HTTP Server is flawed. 
Remote\n authenticated users can bypass intended access restrictions via svn\n commands.\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3315\n\nFor the lenny-backports distribution, the problem has been fixed in\nversion 1.6.12dfsg-2~bpo50+1.\n\nFor the current testing (squeeze) and unstable (sid) distributions, the\nproblem has been fixed in version 1.6.12dfsg-2.\n\nUpgrade instructions\n- --------------------\n\nIf you don't use pinning (see [1]) you have to update the package\nmanually via "apt-get -t lenny-backports install <packagelist>" with\nthe packagelist of your installed packages affected by this update.\n[1] <http://backports.debian.org/Instructions>\n\nWe recommend to pin the backports repository to 200 so that new\nversions of installed backports will be installed automatically.\n\n Package: *\n Pin: release a=lenny-backports\n Pin-Priority: 200\n\n- -- \nMichael Diers, elego Software Solutions GmbH, http://www.elego.de\n", "edition": 3, "modified": "2010-10-10T09:45:47", "published": "2010-10-10T09:45:47", "id": "DEBIAN:BSA-004-:1B7CA", "href": "https://lists.debian.org/debian-backports-announce/2010/debian-backports-announce-201010/msg00001.html", "title": "BSA-004 Security Update for subversion", "type": "debian", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-11-11T13:14:06", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3315"], "description": "- ---------------------------------------------------------------------------\nDebian Security Advisory DSA-2118-1 security@debian.org\nhttp://www.debian.org/security/ Nico Golde\nOctober 8th, 2010 http://www.debian.org/security/faq\n- ---------------------------------------------------------------------------\n\nPackage : subversion\nVulnerability : logic flaw\nProblem type : remote\nDebian-specific: no\nDebian bug : none\nCVE ID : CVE-2010-3315\n\nKamesh Jayachandran and C. 
Michael Pilat discovered that the mod_dav_svn\nmodule of subversion, a version control system, is not properly enforcing\naccess rules which are scope-limited to named repositories. If the\nSVNPathAuthz option is set to "short_circuit", this may enable an\nunprivileged attacker to bypass intended access restrictions and disclose\nor modify repository content.\n\nAs a workaround it is also possible to set SVNPathAuthz to "on" but be\nadvised that this can result in a performance decrease for large\nrepositories.\n\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.5.1dfsg1-5.\n\nFor the testing distribution (squeeze), this problem has been fixed in\nversion 1.6.12dfsg-2.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.6.12dfsg-2.\n\n\nWe recommend that you upgrade your subversion packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nDebian (stable)\n- ---------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/s/subversion/subversion_1.5.1dfsg1-5.diff.gz\n Size/MD5 checksum: 91687 44dd10c3137760240bb56a100ca4cba6\n http://security.debian.org/pool/updates/main/s/subversion/subversion_1.5.1dfsg1-5.dsc\n Size/MD5 checksum: 1845 7878e43c2c80e0a6c07b96d797dfde86\n http://security.debian.org/pool/updates/main/s/subversion/subversion_1.5.1dfsg1.orig.tar.gz\n Size/MD5 checksum: 6805740 
09a95bbc203ec516db796bd40d612403\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/s/subversion/libsvn-doc_1.5.1dfsg1-5_all.deb\n Size/MD5 checksum: 1937436 69a2e5adf8a482d288e3f29357d10194\n http://security.debian.org/pool/updates/main/s/subversion/subversion-tools_1.5.1dfsg1-5_all.deb\n Size/MD5 checksum: 181958 000312b36cc4ff900c4479df748c0172\n http://security.debian.org/pool/updates/main/s/subversion/libsvn-ruby_1.5.1dfsg1-5_all.deb\n Size/MD5 checksum: 764 6fced63bde9227b8f7671fb33cb2d7b1\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/s/subversion/libsvn-ruby1.8_1.5.1dfsg1-5_alpha.deb\n Size/MD5 checksum: 533438 7a199374ac5459a5b67e319917037004\n http://security.debian.org/pool/updates/main/s/subversion/subversion_1.5.1dfsg1-5_alpha.deb\n Size/MD5 checksum: 1294012 f35e99abaf9514e824baec6be8585fb2\n http://security.debian.org/pool/updates/main/s/subversion/libsvn1_1.5.1dfsg1-5_alpha.deb\n Size/MD5 checksum: 899446 d41aa5920720619965450703f3c8fe49\n http://security.debian.org/pool/updates/main/s/subversion/libapache2-svn_1.5.1dfsg1-5_alpha.deb\n Size/MD5 checksum: 151234 a153898b355944200fd0187202d49500\n http://security.debian.org/pool/updates/main/s/subversion/python-subversion_1.5.1dfsg1-5_alpha.deb\n Size/MD5 checksum: 1193012 5ea6e2cc6567bfc3d9a96cdb99255a3e\n http://security.debian.org/pool/updates/main/s/subversion/libsvn-perl_1.5.1dfsg1-5_alpha.deb\n Size/MD5 checksum: 1150232 fa24f3c490f6097f028b258c64d8c4f1\n http://security.debian.org/pool/updates/main/s/subversion/libsvn-dev_1.5.1dfsg1-5_alpha.deb\n Size/MD5 checksum: 1565150 d41477926238b46ae2e15a9c87299ac0\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/s/subversion/subversion_1.5.1dfsg1-5_amd64.deb\n Size/MD5 checksum: 1283396 28dcf742f9807ea42333e288b2d8204b\n http://security.debian.org/pool/updates/main/s/subversion/libsvn-java_1.5.1dfsg1-5_amd64.deb\n Size/MD5 checksum: 285336 
8bc405f1733103bdc1f8adc4ee9ccc60\n http://security.debian.org/pool/updates/main/s/subversion/libapache2-svn_1.5.1dfsg1-5_amd64.deb\n Size/MD5 checksum: 150352 4fd2dacd30026f3ce29dc4cfe0060487\n http://security.debian.org/pool/updates/main/s/subversion/libsvn-dev_1.5.1dfsg1-5_amd64.deb\n Size/MD5 checksum: 1211864 a26e60f59bff282e1e9475eacb7bcdcc\n http://security.debian.org/pool/updates/main/s/subversion/libsvn1_1.5.1dfsg1-5_amd64.deb\n Size/MD5 checksum: 864300 698f5b201980f3a46dc699bab55b83ec\n http://security.debian.org/pool/updates/main/s/subversion/python-subversion_1.5.1dfsg1-5_amd64.deb\n Size/MD5 checksum: 1219570 fbdcfa0d608b0a3366aae42c0efea222\n http://security.debian.org/pool/updates/main/s/subversion/libsvn-perl_1.5.1dfsg1-5_amd64.deb\n Size/MD5 checksum: 1081856 0df403c57d9c7029122c1f3026cf3624\n http://security.debian.org/pool/updates/main/s/subversion/libsvn-ruby1.8_1.5.1dfsg1-5_amd64.deb\n Size/MD5 checksum: 561334 fbea124e749f15b8f2eb0435b9373c2d\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/s/subversion/libsvn-dev_1.5.1dfsg1-5_armel.deb\n Size/MD5 checksum: 1079482 9d876a12091cd7d085c35a75ad923e81\n http://security.debian.org/pool/updates/main/s/subversion/libsvn1_1.5.1dfsg1-5_armel.deb\n Size/MD5 checksum: 755496 fb35757f0a6fb6a407e7896650e88f0d\n http://security.debian.org/pool/updates/main/s/subversion/libsvn-perl_1.5.1dfsg1-5_armel.deb\n Size/MD5 checksum: 1008056 411b3292372bf1063f939dd81362ebad\n http://security.debian.org/pool/updates/main/s/subversion/subversion_1.5.1dfsg1-5_armel.deb\n Size/MD5 checksum: 1265200 b0da7f200016785630e7a5cc2bd232e7\n http://security.debian.org/pool/updates/main/s/subversion/libsvn-java_1.5.1dfsg1-5_armel.deb\n Size/MD5 checksum: 270450 76f0839388b1154945866442a181ce80\n http://security.debian.org/pool/updates/main/s/subversion/python-subversion_1.5.1dfsg1-5_armel.deb\n Size/MD5 checksum: 1007228 b543718e22e8f03f2f415a352182468e\n 
http://security.debian.org/pool/updates/main/s/subversion/libapache2-svn_1.5.1dfsg1-5_armel.deb\n Size/MD5 checksum: 145458 0dbeb3bd0e2c5ed331d5197ff71d0660\n http://security.debian.org/pool/updates/main/s/subversion/libsvn-ruby1.8_1.5.1dfsg1-5_armel.deb\n Size/MD5 checksum: 486476 f1eb839928409d7d24ce233b54addde6\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/s/subversion/libsvn-perl_1.5.1dfsg1-5_hppa.deb\n Size/MD5 checksum: 1027356 2861729258f5f25f0bb164c5c55a27b7\n http://security.debian.org/pool/updates/main/s/subversion/python-subversion_1.5.1dfsg1-5_hppa.deb\n Size/MD5 checksum: 1254650 2125678a8e2385e447cedf96b6e17914\n http://security.debian.org/pool/updates/main/s/subversion/libsvn1_1.5.1dfsg1-5_hppa.deb\n Size/MD5 checksum: 905772 3c4339c885e3bcfaaa1fbcb1d4f341f0\n http://security.debian.org/pool/updates/main/s/subversion/libsvn-dev_1.5.1dfsg1-5_hppa.deb\n Size/MD5 checksum: 1295962 06d94ae1bb59ca4ace1f883ea7d7418d\n http://security.debian.org/pool/updates/main/s/subversion/libapache2-svn_1.5.1dfsg1-5_hppa.deb\n Size/MD5 checksum: 156242 cd8bd3ea65add9a291924753cff55b20\n http://security.debian.org/pool/updates/main/s/subversion/libsvn-ruby1.8_1.5.1dfsg1-5_hppa.deb\n Size/MD5 checksum: 588142 ec7dfe6df0dfe58c82cf74a32a7ca667\n http://security.debian.org/pool/updates/main/s/subversion/subversion_1.5.1dfsg1-5_hppa.deb\n Size/MD5 checksum: 1291430 b2b91b912030d496c93af1118b83a17e\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/s/subversion/libsvn-dev_1.5.1dfsg1-5_i386.deb\n Size/MD5 checksum: 1074718 0d5f86bc8b50868ed99fd22de2299c14\n http://security.debian.org/pool/updates/main/s/subversion/libsvn-java_1.5.1dfsg1-5_i386.deb\n Size/MD5 checksum: 282014 c5396f219d33502ee0ba6cfd1524d93a\n http://security.debian.org/pool/updates/main/s/subversion/libsvn-perl_1.5.1dfsg1-5_i386.deb\n Size/MD5 checksum: 1032258 fea5736294397cbe8cae51171525d268\n 
http://security.debian.org/pool/updates/main/s/subversion/libsvn1_1.5.1dfsg1-5_i386.deb\n Size/MD5 checksum: 796404 11e2a23a29bf55d8a5cd7f590bbdf36c\n http://security.debian.org/pool/updates/main/s/subversion/subversion_1.5.1dfsg1-5_i386.deb\n Size/MD5 checksum: 1271350 bdfae53cb17918c53fe2c4bbc42d8f75\n http://security.debian.org/pool/updates/main/s/subversion/libapache2-svn_1.5.1dfsg1-5_i386.deb\n Size/MD5 checksum: 145800 8ec9eecc3aa2c0465ae46fee45e05f99\n http://security.debian.org/pool/updates/main/s/subversion/libsvn-ruby1.8_1.5.1dfsg1-5_i386.deb\n Size/MD5 checksum: 477000 8a147188a35241faeac5ab6888489f1a\n http://security.debian.org/pool/updates/main/s/subversion/python-subversion_1.5.1dfsg1-5_i386.deb\n Size/MD5 checksum: 1021338 08f8a6a05a8d7471a32bcab7cf162a83\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/s/subversion/libsvn-perl_1.5.1dfsg1-5_ia64.deb\n Size/MD5 checksum: 1413864 84c77d2aabb03897b7410f05f26a57a9\n http://security.debian.org/pool/updates/main/s/subversion/python-subversion_1.5.1dfsg1-5_ia64.deb\n Size/MD5 checksum: 1461180 94667513edaadb3d78a88ed03591008e\n http://security.debian.org/pool/updates/main/s/subversion/libapache2-svn_1.5.1dfsg1-5_ia64.deb\n Size/MD5 checksum: 175784 9c7df1e0e7724919269cc1da319555b3\n http://security.debian.org/pool/updates/main/s/subversion/libsvn-dev_1.5.1dfsg1-5_ia64.deb\n Size/MD5 checksum: 1622990 2127f6e7b7151c8f47761a18ba08a2dd\n http://security.debian.org/pool/updates/main/s/subversion/libsvn-ruby1.8_1.5.1dfsg1-5_ia64.deb\n Size/MD5 checksum: 722714 18ed5dc94721ab1595daab3c02e0de23\n http://security.debian.org/pool/updates/main/s/subversion/libsvn1_1.5.1dfsg1-5_ia64.deb\n Size/MD5 checksum: 1150024 f34b0db4e7ebf919666db0f57b8d5591\n http://security.debian.org/pool/updates/main/s/subversion/libsvn-java_1.5.1dfsg1-5_ia64.deb\n Size/MD5 checksum: 303334 0a079f6612ee1b4ac7a583b9ef67fee4\n 
http://security.debian.org/pool/updates/main/s/subversion/subversion_1.5.1dfsg1-5_ia64.deb\n Size/MD5 checksum: 1346014 c7857b73866f98eeef2022c9ac57e6ed\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/s/subversion/python-subversion_1.5.1dfsg1-5_mips.deb\n Size/MD5 checksum: 977188 7b7d51612243195e5156598fc02329b1\n http://security.debian.org/pool/updates/main/s/subversion/libapache2-svn_1.5.1dfsg1-5_mips.deb\n Size/MD5 checksum: 143056 a444d612b30599bbd91ceafebed33c0a\n http://security.debian.org/pool/updates/main/s/subversion/libsvn-dev_1.5.1dfsg1-5_mips.deb\n Size/MD5 checksum: 1291450 813a471bd646f4ce4c80b18fe3fe7897\n http://security.debian.org/pool/updates/main/s/subversion/libsvn1_1.5.1dfsg1-5_mips.deb\n Size/MD5 checksum: 780626 17b703bf018936efd90c130fc75c8804\n http://security.debian.org/pool/updates/main/s/subversion/libsvn-perl_1.5.1dfsg1-5_mips.deb\n Size/MD5 checksum: 726576 54599e99dbd1d9d2781f84c091451cf0\n http://security.debian.org/pool/updates/main/s/subversion/libsvn-ruby1.8_1.5.1dfsg1-5_mips.deb\n Size/MD5 checksum: 431282 a7d5de9575b192b910ae2b8f6da596b7\n http://security.debian.org/pool/updates/main/s/subversion/subversion_1.5.1dfsg1-5_mips.deb\n Size/MD5 checksum: 1278244 5e9e1f6136a7edbbfc537e5308bfb2b5\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/s/subversion/libsvn1_1.5.1dfsg1-5_mipsel.deb\n Size/MD5 checksum: 778638 521e2fe9cbf6b61f097060eeae5c0e42\n http://security.debian.org/pool/updates/main/s/subversion/libapache2-svn_1.5.1dfsg1-5_mipsel.deb\n Size/MD5 checksum: 143196 419015f1cd73779a504e1541af596d89\n http://security.debian.org/pool/updates/main/s/subversion/python-subversion_1.5.1dfsg1-5_mipsel.deb\n Size/MD5 checksum: 950776 117b465365cd0c4ad63ec7711b12c026\n http://security.debian.org/pool/updates/main/s/subversion/libsvn-ruby1.8_1.5.1dfsg1-5_mipsel.deb\n Size/MD5 checksum: 424336 96946525ffedbe47daae09b1700d7dec\n 
http://security.debian.org/pool/updates/main/s/subversion/subversion_1.5.1dfsg1-5_mipsel.deb\n Size/MD5 checksum: 1276544 359830f00320d396749aecca8ea366e5\n http://security.debian.org/pool/updates/main/s/subversion/libsvn-perl_1.5.1dfsg1-5_mipsel.deb\n Size/MD5 checksum: 720216 1874c5f527f99b1c014a41e2d11c6453\n http://security.debian.org/pool/updates/main/s/subversion/libsvn-dev_1.5.1dfsg1-5_mipsel.deb\n Size/MD5 checksum: 1287646 f20ea0befa3d37159bd942e872714c37\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/s/subversion/subversion_1.5.1dfsg1-5_powerpc.deb\n Size/MD5 checksum: 1309342 3fc631a35f69d912998e341127cacf8d\n http://security.debian.org/pool/updates/main/s/subversion/python-subversion_1.5.1dfsg1-5_powerpc.deb\n Size/MD5 checksum: 1129310 f27b7820ede925740d8c9766800a6749\n http://security.debian.org/pool/updates/main/s/subversion/libsvn-java_1.5.1dfsg1-5_powerpc.deb\n Size/MD5 checksum: 293052 7b5cea363816832c40d9deb8d0cf4ebe\n http://security.debian.org/pool/updates/main/s/subversion/libsvn-dev_1.5.1dfsg1-5_powerpc.deb\n Size/MD5 checksum: 1211154 a06326b622c439df7358155a2416a379\n http://security.debian.org/pool/updates/main/s/subversion/libsvn1_1.5.1dfsg1-5_powerpc.deb\n Size/MD5 checksum: 891340 728cc7a7fba53cb468f39b751fa1eebd\n http://security.debian.org/pool/updates/main/s/subversion/libsvn-ruby1.8_1.5.1dfsg1-5_powerpc.deb\n Size/MD5 checksum: 539724 b30c1d6b126660abc633dc43073cacfe\n http://security.debian.org/pool/updates/main/s/subversion/libapache2-svn_1.5.1dfsg1-5_powerpc.deb\n Size/MD5 checksum: 156110 9be01af660ef7402f4275cc21c37608c\n http://security.debian.org/pool/updates/main/s/subversion/libsvn-perl_1.5.1dfsg1-5_powerpc.deb\n Size/MD5 checksum: 1120060 d6591d088fe879f5094c84e8b839d8b0\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/s/subversion/python-subversion_1.5.1dfsg1-5_s390.deb\n Size/MD5 checksum: 1147140 546e0538fa3b7ecb96e53ccce638a290\n 
http://security.debian.org/pool/updates/main/s/subversion/libsvn-ruby1.8_1.5.1dfsg1-5_s390.deb\n Size/MD5 checksum: 525536 7b8ef26f1cdba48838a1bee9a4a347cc\n http://security.debian.org/pool/updates/main/s/subversion/subversion_1.5.1dfsg1-5_s390.deb\n Size/MD5 checksum: 1295362 586d80be57e1568a54db74f9486eeca3\n http://security.debian.org/pool/updates/main/s/subversion/libsvn-java_1.5.1dfsg1-5_s390.deb\n Size/MD5 checksum: 283310 50e24ceb2aa44e5404d09f6ae5ba4618\n http://security.debian.org/pool/updates/main/s/subversion/libapache2-svn_1.5.1dfsg1-5_s390.deb\n Size/MD5 checksum: 153672 adea0d2ad7c264b70641a036c32790e7\n http://security.debian.org/pool/updates/main/s/subversion/libsvn-perl_1.5.1dfsg1-5_s390.deb\n Size/MD5 checksum: 850932 3d87c9a80e8e67bd98d222bcaa5983a1\n http://security.debian.org/pool/updates/main/s/subversion/libsvn1_1.5.1dfsg1-5_s390.deb\n Size/MD5 checksum: 867490 02ce0a908b9b354b7bcf740004bee6cb\n http://security.debian.org/pool/updates/main/s/subversion/libsvn-dev_1.5.1dfsg1-5_s390.deb\n Size/MD5 checksum: 1167094 4e42c8d4951648a2427f691ce574edaa\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/s/subversion/libsvn-dev_1.5.1dfsg1-5_sparc.deb\n Size/MD5 checksum: 1083012 1f7d508a4fecdbb5d27cf8881425f115\n http://security.debian.org/pool/updates/main/s/subversion/libapache2-svn_1.5.1dfsg1-5_sparc.deb\n Size/MD5 checksum: 145080 4c22a42819c8cfa53b7cd52b81fa9174\n http://security.debian.org/pool/updates/main/s/subversion/libsvn-ruby1.8_1.5.1dfsg1-5_sparc.deb\n Size/MD5 checksum: 491828 332f1d25029aa4cefc30bf831a6f3b79\n http://security.debian.org/pool/updates/main/s/subversion/libsvn-java_1.5.1dfsg1-5_sparc.deb\n Size/MD5 checksum: 277138 e2b536c3016240307f80980d2d7e2a14\n http://security.debian.org/pool/updates/main/s/subversion/subversion_1.5.1dfsg1-5_sparc.deb\n Size/MD5 checksum: 1274640 becab26e59f0736703e7dc20320c8d10\n 
http://security.debian.org/pool/updates/main/s/subversion/libsvn1_1.5.1dfsg1-5_sparc.deb\n Size/MD5 checksum: 742790 bd00aad310f314101f6c28467dcc14f8\n http://security.debian.org/pool/updates/main/s/subversion/python-subversion_1.5.1dfsg1-5_sparc.deb\n Size/MD5 checksum: 1017700 5ff6c6e4035e9c1c83c23cd39da46560\n http://security.debian.org/pool/updates/main/s/subversion/libsvn-perl_1.5.1dfsg1-5_sparc.deb\n Size/MD5 checksum: 1072676 8b24094ba1a0af57eec6d4e61ad23313\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 9, "modified": "2010-10-08T21:25:33", "published": "2010-10-08T21:25:33", "id": "DEBIAN:DSA-2118-1:A7BB7", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2010/msg00167.html", "title": "[SECURITY] [DSA 2118-1] New subversion packages fix authentication bypass", "type": "debian", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3315"], "description": "Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file. Subversion is intended to be a compelling replacement for CVS. 
", "modified": "2010-10-28T06:18:29", "published": "2010-10-28T06:18:29", "id": "FEDORA:E665E111EAB", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: subversion-1.6.13-1.fc14", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3315"], "description": "Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file. Subversion is intended to be a compelling replacement for CVS. ", "modified": "2010-10-28T05:50:49", "published": "2010-10-28T05:50:49", "id": "FEDORA:C572C1110A3", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: subversion-1.6.13-1.fc12.1", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3315"], "description": "Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file. Subversion is intended to be a compelling replacement for CVS. ", "modified": "2010-10-28T05:47:03", "published": "2010-10-28T05:47:03", "id": "FEDORA:07D01111076", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: subversion-1.6.13-1.fc13", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-06T09:46:08", "description": "Kamesh Jayachandran and C. Michael Pilat discovered that the\nmod_dav_svn module of Subversion, a version control system, is not\nproperly enforcing access rules which are scope-limited to named\nrepositories. 
If the SVNPathAuthz option is set to 'short_circuit' set\nthis may enable an unprivileged attacker to bypass intended access\nrestrictions and disclose or modify repository content.", "edition": 27, "published": "2010-10-11T00:00:00", "title": "Debian DSA-2118-1 : subversion - logic flaw", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3315"], "modified": "2010-10-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:subversion", "cpe:/o:debian:debian_linux:5.0"], "id": "DEBIAN_DSA-2118.NASL", "href": "https://www.tenable.com/plugins/nessus/49815", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2118. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49815);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2010-3315\");\n script_bugtraq_id(43678);\n script_xref(name:\"DSA\", value:\"2118\");\n\n script_name(english:\"Debian DSA-2118-1 : subversion - logic flaw\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Kamesh Jayachandran and C. Michael Pilat discovered that the\nmod_dav_svn module of Subversion, a version control system, is not\nproperly enforcing access rules which are scope-limited to named\nrepositories. 
If the SVNPathAuthz option is set to 'short_circuit' set\nthis may enable an unprivileged attacker to bypass intended access\nrestrictions and disclose or modify repository content.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2010/dsa-2118\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the subversion packages.\n\nAs a workaround it is also possible to set SVNPathAuthz to 'on' but be\nadvised that this can result in a performance decrease for large\nrepositories.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.5.1dfsg1-5.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"libapache2-svn\", reference:\"1.5.1dfsg1-5\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libsvn-dev\", reference:\"1.5.1dfsg1-5\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libsvn-doc\", reference:\"1.5.1dfsg1-5\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libsvn-java\", reference:\"1.5.1dfsg1-5\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libsvn-perl\", reference:\"1.5.1dfsg1-5\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libsvn-ruby\", reference:\"1.5.1dfsg1-5\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libsvn-ruby1.8\", reference:\"1.5.1dfsg1-5\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libsvn1\", reference:\"1.5.1dfsg1-5\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"python-subversion\", reference:\"1.5.1dfsg1-5\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"subversion\", reference:\"1.5.1dfsg1-5\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"subversion-tools\", reference:\"1.5.1dfsg1-5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T11:52:49", "description": "A vulnerability was discovered and corrected in subversion :\n\nauthz.c in the 
mod_dav_svn module for the Apache HTTP Server, as\ndistributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before\n1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly\nhandle a named repository as a rule scope, which allows remote\nauthenticated users to bypass intended access restrictions via svn\ncommands (CVE-2010-3315).\n\nPackages for 2009.0 are provided as of the Extended Maintenance\nProgram. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149&products_id=490\n\nThe updated packages have been patched to correct this issue.", "edition": 25, "published": "2010-10-14T00:00:00", "title": "Mandriva Linux Security Advisory : subversion (MDVSA-2010:199)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3315"], "modified": "2010-10-14T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:subversion", "cpe:/o:mandriva:linux:2009.0", "p-cpe:/a:mandriva:linux:ruby-svn", "p-cpe:/a:mandriva:linux:lib64svnjavahl0", "p-cpe:/a:mandriva:linux:apache-mod_dav_svn", "p-cpe:/a:mandriva:linux:subversion-doc", "p-cpe:/a:mandriva:linux:lib64svnjavahl1", "p-cpe:/a:mandriva:linux:subversion-devel", "p-cpe:/a:mandriva:linux:libsvnjavahl1", "p-cpe:/a:mandriva:linux:lib64svn-gnome-keyring0", "p-cpe:/a:mandriva:linux:lib64svn-kwallet0", "p-cpe:/a:mandriva:linux:libsvnjavahl0", "p-cpe:/a:mandriva:linux:subversion-tools", "p-cpe:/a:mandriva:linux:svn-javahl", "p-cpe:/a:mandriva:linux:libsvn-kwallet0", "p-cpe:/a:mandriva:linux:libsvn0", "cpe:/o:mandriva:linux:2009.1", "cpe:/o:mandriva:linux:2010.1", "cpe:/o:mandriva:linux:2010.0", "p-cpe:/a:mandriva:linux:python-svn", "p-cpe:/a:mandriva:linux:libsvn-gnome-keyring0", "p-cpe:/a:mandriva:linux:perl-SVN", "p-cpe:/a:mandriva:linux:lib64svn0", "p-cpe:/a:mandriva:linux:apache-mod_dontdothat", "p-cpe:/a:mandriva:linux:subversion-server"], "id": "MANDRIVA_MDVSA-2010-199.NASL", "href": "https://www.tenable.com/plugins/nessus/49967", "sourceData": "#%NASL_MIN_LEVEL 
70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2010:199. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49967);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2010-3315\");\n script_bugtraq_id(43678);\n script_xref(name:\"MDVSA\", value:\"2010:199\");\n\n script_name(english:\"Mandriva Linux Security Advisory : subversion (MDVSA-2010:199)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability was discovered and corrected in subversion :\n\nauthz.c in the mod_dav_svn module for the Apache HTTP Server, as\ndistributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before\n1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly\nhandle a named repository as a rule scope, which allows remote\nauthenticated users to bypass intended access restrictions via svn\ncommands (CVE-2010-3315).\n\nPackages for 2009.0 are provided as of the Extended Maintenance\nProgram. 
Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149&products_id=4\n90\n\nThe updated packages have been patched to correct this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_dav_svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_dontdothat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64svn-gnome-keyring0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64svn-kwallet0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64svn0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64svnjavahl0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64svnjavahl1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libsvn-gnome-keyring0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libsvn-kwallet0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libsvn0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libsvnjavahl0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libsvnjavahl1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:perl-SVN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:python-svn\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:mandriva:linux:ruby-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:subversion-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:subversion-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:subversion-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:subversion-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:svn-javahl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-mod_dav_svn-1.5.7-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-mod_dontdothat-1.5.7-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64svn0-1.5.7-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64svnjavahl0-1.5.7-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libsvn0-1.5.7-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libsvnjavahl0-1.5.7-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"perl-SVN-1.5.7-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"python-svn-1.5.7-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"ruby-svn-1.5.7-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"subversion-1.5.7-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif 
(rpm_check(release:\"MDK2009.0\", reference:\"subversion-devel-1.5.7-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"subversion-doc-1.5.7-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"subversion-server-1.5.7-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"subversion-tools-1.5.7-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"svn-javahl-1.5.7-0.2mdv2009.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.1\", reference:\"apache-mod_dav_svn-1.6.4-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"apache-mod_dontdothat-1.6.4-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64svn0-1.6.4-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64svnjavahl1-1.6.4-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libsvn0-1.6.4-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libsvnjavahl1-1.6.4-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"perl-SVN-1.6.4-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"python-svn-1.6.4-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"ruby-svn-1.6.4-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"subversion-1.6.4-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"subversion-devel-1.6.4-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"subversion-doc-1.6.4-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", 
reference:\"subversion-server-1.6.4-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"subversion-tools-1.6.4-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"svn-javahl-1.6.4-0.2mdv2009.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.0\", reference:\"apache-mod_dav_svn-1.6.6-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"apache-mod_dontdothat-1.6.6-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64svn0-1.6.6-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64svnjavahl1-1.6.6-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libsvn0-1.6.6-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libsvnjavahl1-1.6.6-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"perl-SVN-1.6.6-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"python-svn-1.6.6-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"ruby-svn-1.6.6-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"subversion-1.6.6-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"subversion-devel-1.6.6-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"subversion-doc-1.6.6-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"subversion-server-1.6.6-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"subversion-tools-1.6.6-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"svn-javahl-1.6.6-1.1mdv2010.0\", yank:\"mdv\")) flag++;\n\nif 
(rpm_check(release:\"MDK2010.1\", reference:\"apache-mod_dav_svn-1.6.11-2.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-mod_dontdothat-1.6.11-2.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64svn-gnome-keyring0-1.6.11-2.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64svn-kwallet0-1.6.11-2.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64svn0-1.6.11-2.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64svnjavahl1-1.6.11-2.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libsvn-gnome-keyring0-1.6.11-2.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libsvn-kwallet0-1.6.11-2.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libsvn0-1.6.11-2.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libsvnjavahl1-1.6.11-2.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"perl-SVN-1.6.11-2.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"python-svn-1.6.11-2.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"ruby-svn-1.6.11-2.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"subversion-1.6.11-2.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"subversion-devel-1.6.11-2.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"subversion-doc-1.6.11-2.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"subversion-server-1.6.11-2.1mdv2010.1\", yank:\"mdv\")) 
flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"subversion-tools-1.6.11-2.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"svn-javahl-1.6.11-2.1mdv2010.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:08:11", "description": "This update includes the latest stable release of Subversion, version\n1.6.13.\n\nSubversion servers up to 1.6.12 (inclusive) making use of the\n'SVNPathAuthz short_circuit' mod_dav_svn configuration setting have a\nbug which may allow users to write and/or read portions of the\nrepository to which they are not intended to have access. This issue\nis fixed in this update.\n\nSee http://subversion.apache.org/security/CVE-2010-3315-advisory.txt\nfor further details\n\nA number of bug fixes are also included :\n\n - don't drop properties during foreign-repo merges\n\n - improve auto-props failure error message\n\n - improve error message for 403 status with ra_neon\n\n - don't allow 'merge --reintegrate' for 2-url merges\n\n - improve handling of missing fsfs.conf during hotcopy\n\n - escape unsafe characters in a URL during export\n\n - don't leak stale locks in FSFS\n\n - better detect broken working copies during update over\n ra_neon\n\n - fsfs: make rev files read-only\n\n - properly canonicalize a URL\n\n - fix wc corruption with 'commit --depth=empty'\n\n - permissions fixes when doing reintegrate merges\n\n - fix mergeinfo miscalculation during 2-url merges\n\n - fix error transmission problems in svnserve\n\n - fixed: record-only merges create self-referential\n mergeinfo\n\n - make 'svnmucc propset' handle existing and\n non-existing URLs\n\n - add new 'propsetf' subcommand to svnmucc\n\n - emit a warning about copied dirs during ci 
with\n limited depth\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "published": "2010-10-29T00:00:00", "title": "Fedora 13 : subversion-1.6.13-1.fc13 (2010-16136)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3315"], "modified": "2010-10-29T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:13", "p-cpe:/a:fedoraproject:fedora:subversion"], "id": "FEDORA_2010-16136.NASL", "href": "https://www.tenable.com/plugins/nessus/50395", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-16136.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50395);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-3315\");\n script_bugtraq_id(43678);\n script_xref(name:\"FEDORA\", value:\"2010-16136\");\n\n script_name(english:\"Fedora 13 : subversion-1.6.13-1.fc13 (2010-16136)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update includes the latest stable release of Subversion, version\n1.6.13.\n\nSubversion servers up to 1.6.12 (inclusive) making use of the\n'SVNPathAuthz short_circuit' mod_dav_svn configuration setting have a\nbug which may allow users to write and/or read portions of the\nrepository to which they are not intended to have access. 
This issue\nis fixed in this update.\n\nSee http://subversion.apache.org/security/CVE-2010-3315-advisory.txt\nfor further details\n\nA number of bug fixes are also included :\n\n - don't drop properties during foreign-repo merges\n\n - improve auto-props failure error message\n\n - improve error message for 403 status with ra_neon\n\n - don't allow 'merge --reintegrate' for 2-url merges\n\n - improve handling of missing fsfs.conf during hotcopy\n\n - escape unsafe characters in a URL during export\n\n - don't leak stale locks in FSFS\n\n - better detect broken working copies during update over\n ra_neon\n\n - fsfs: make rev files read-only\n\n - properly canonicalize a URL\n\n - fix wc corruption with 'commit --depth=empty'\n\n - permissions fixes when doing reintegrate merges\n\n - fix mergeinfo miscalculation during 2-url merges\n\n - fix error transmission problems in svnserve\n\n - fixed: record-only merges create self-referential\n mergeinfo\n\n - make 'svnmucc propset' handle existing and\n non-existing URLs\n\n - add new 'propsetf' subcommand to svnmucc\n\n - emit a warning about copied dirs during ci with\n limited depth\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://subversion.apache.org/security/CVE-2010-3315-advisory.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=640317\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/049883.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?664b6b3d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected subversion package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"subversion-1.6.13-1.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"subversion\");\n}\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:08:11", "description": "This update includes the latest stable release of Subversion, version\n1.6.13.\n\nSubversion servers up to 1.6.12 (inclusive) making use of the\n'SVNPathAuthz short_circuit' mod_dav_svn configuration setting have a\nbug which may allow users to write and/or read portions of the\nrepository to which they are not intended to have access. 
This issue\nis fixed in this update.\n\nSee http://subversion.apache.org/security/CVE-2010-3315-advisory.txt\nfor further details\n\nA number of bug fixes are also included :\n\n - don't drop properties during foreign-repo merges\n\n - improve auto-props failure error message\n\n - improve error message for 403 status with ra_neon\n\n - don't allow 'merge --reintegrate' for 2-url merges\n\n - improve handling of missing fsfs.conf during hotcopy\n\n - escape unsafe characters in a URL during export\n\n - don't leak stale locks in FSFS\n\n - better detect broken working copies during update over\n ra_neon\n\n - fsfs: make rev files read-only\n\n - properly canonicalize a URL\n\n - fix wc corruption with 'commit --depth=empty'\n\n - permissions fixes when doing reintegrate merges\n\n - fix mergeinfo miscalculation during 2-url merges\n\n - fix error transmission problems in svnserve\n\n - fixed: record-only merges create self-referential\n mergeinfo\n\n - make 'svnmucc propset' handle existing and\n non-existing URLs\n\n - add new 'propsetf' subcommand to svnmucc\n\n - emit a warning about copied dirs during ci with\n limited depth\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "published": "2010-10-29T00:00:00", "title": "Fedora 12 : subversion-1.6.13-1.fc12.1 (2010-16115)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3315"], "modified": "2010-10-29T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:subversion", "cpe:/o:fedoraproject:fedora:12"], "id": "FEDORA_2010-16115.NASL", "href": "https://www.tenable.com/plugins/nessus/50394", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-16115.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50394);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-3315\");\n script_bugtraq_id(43678);\n script_xref(name:\"FEDORA\", value:\"2010-16115\");\n\n script_name(english:\"Fedora 12 : subversion-1.6.13-1.fc12.1 (2010-16115)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update includes the latest stable release of Subversion, version\n1.6.13.\n\nSubversion servers up to 1.6.12 (inclusive) making use of the\n'SVNPathAuthz short_circuit' mod_dav_svn configuration setting have a\nbug which may allow users to write and/or read portions of the\nrepository to which they are not intended to have access. 
This issue\nis fixed in this update.\n\nSee http://subversion.apache.org/security/CVE-2010-3315-advisory.txt\nfor further details\n\nA number of bug fixes are also included :\n\n - don't drop properties during foreign-repo merges\n\n - improve auto-props failure error message\n\n - improve error message for 403 status with ra_neon\n\n - don't allow 'merge --reintegrate' for 2-url merges\n\n - improve handling of missing fsfs.conf during hotcopy\n\n - escape unsafe characters in a URL during export\n\n - don't leak stale locks in FSFS\n\n - better detect broken working copies during update over\n ra_neon\n\n - fsfs: make rev files read-only\n\n - properly canonicalize a URL\n\n - fix wc corruption with 'commit --depth=empty'\n\n - permissions fixes when doing reintegrate merges\n\n - fix mergeinfo miscalculation during 2-url merges\n\n - fix error transmission problems in svnserve\n\n - fixed: record-only merges create self-referential\n mergeinfo\n\n - make 'svnmucc propset' handle existing and\n non-existing URLs\n\n - add new 'propsetf' subcommand to svnmucc\n\n - emit a warning about copied dirs during ci with\n limited depth\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://subversion.apache.org/security/CVE-2010-3315-advisory.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=640317\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/049898.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?071f0ef1\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected subversion package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"subversion-1.6.13-1.fc12.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"subversion\");\n}\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:08:11", "description": "This update includes the latest stable release of Subversion, version\n1.6.13.\n\nSubversion servers up to 1.6.12 (inclusive) making use of the\n'SVNPathAuthz short_circuit' mod_dav_svn configuration setting have a\nbug which may allow users to write and/or read portions of the\nrepository to which they are not intended to have access. 
This issue\nis fixed in this update.\n\nSee http://subversion.apache.org/security/CVE-2010-3315-advisory.txt\nfor further details\n\nA number of bug fixes are also included :\n\n - don't drop properties during foreign-repo merges\n\n - improve auto-props failure error message\n\n - improve error message for 403 status with ra_neon\n\n - don't allow 'merge --reintegrate' for 2-url merges\n\n - improve handling of missing fsfs.conf during hotcopy\n\n - escape unsafe characters in a URL during export\n\n - don't leak stale locks in FSFS\n\n - better detect broken working copies during update over\n ra_neon\n\n - fsfs: make rev files read-only\n\n - properly canonicalize a URL\n\n - fix wc corruption with 'commit --depth=empty'\n\n - permissions fixes when doing reintegrate merges\n\n - fix mergeinfo miscalculation during 2-url merges\n\n - fix error transmission problems in svnserve\n\n - fixed: record-only merges create self-referential\n mergeinfo\n\n - make 'svnmucc propset' handle existing and\n non-existing URLs\n\n - add new 'propsetf' subcommand to svnmucc\n\n - emit a warning about copied dirs during ci with\n limited depth\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2010-10-29T00:00:00", "title": "Fedora 14 : subversion-1.6.13-1.fc14 (2010-16148)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3315"], "modified": "2010-10-29T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:14", "p-cpe:/a:fedoraproject:fedora:subversion"], "id": "FEDORA_2010-16148.NASL", "href": "https://www.tenable.com/plugins/nessus/50396", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-16148.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50396);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-3315\");\n script_bugtraq_id(43678);\n script_xref(name:\"FEDORA\", value:\"2010-16148\");\n\n script_name(english:\"Fedora 14 : subversion-1.6.13-1.fc14 (2010-16148)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update includes the latest stable release of Subversion, version\n1.6.13.\n\nSubversion servers up to 1.6.12 (inclusive) making use of the\n'SVNPathAuthz short_circuit' mod_dav_svn configuration setting have a\nbug which may allow users to write and/or read portions of the\nrepository to which they are not intended to have access. 
This issue\nis fixed in this update.\n\nSee http://subversion.apache.org/security/CVE-2010-3315-advisory.txt\nfor further details\n\nA number of bug fixes are also included :\n\n - don't drop properties during foreign-repo merges\n\n - improve auto-props failure error message\n\n - improve error message for 403 status with ra_neon\n\n - don't allow 'merge --reintegrate' for 2-url merges\n\n - improve handling of missing fsfs.conf during hotcopy\n\n - escape unsafe characters in a URL during export\n\n - don't leak stale locks in FSFS\n\n - better detect broken working copies during update over\n ra_neon\n\n - fsfs: make rev files read-only\n\n - properly canonicalize a URL\n\n - fix wc corruption with 'commit --depth=empty'\n\n - permissions fixes when doing reintegrate merges\n\n - fix mergeinfo miscalculation during 2-url merges\n\n - fix error transmission problems in svnserve\n\n - fixed: record-only merges create self-referential\n mergeinfo\n\n - make 'svnmucc propset' handle existing and\n non-existing URLs\n\n - add new 'propsetf' subcommand to svnmucc\n\n - emit a warning about copied dirs during ci with\n limited depth\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://subversion.apache.org/security/CVE-2010-3315-advisory.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=640317\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/050025.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?01c331e0\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected subversion package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"subversion-1.6.13-1.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"subversion\");\n}\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:07:43", "description": "when using 'SVNPathAuthz short_circuit' mod_dav_svn didn't properly\nenforce access restrictions (CVE-2010-3315).", "edition": 25, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : libsvn_auth_gnome_keyring-1-0 (openSUSE-SU-2010:1042-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3315"], "modified": "2014-06-13T00:00:00", 
"cpe": ["p-cpe:/a:novell:opensuse:subversion-python", "p-cpe:/a:novell:opensuse:libsvn_auth_gnome_keyring-1-0", "p-cpe:/a:novell:opensuse:subversion-tools", "p-cpe:/a:novell:opensuse:subversion", "p-cpe:/a:novell:opensuse:libsvn_auth_kwallet-1-0", "p-cpe:/a:novell:opensuse:subversion-ruby", "p-cpe:/a:novell:opensuse:subversion-devel", "p-cpe:/a:novell:opensuse:subversion-perl", "p-cpe:/a:novell:opensuse:subversion-server", "cpe:/o:novell:opensuse:11.3"], "id": "SUSE_11_3_LIBSVN_AUTH_GNOME_KEYRING-1-0-101029.NASL", "href": "https://www.tenable.com/plugins/nessus/75615", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libsvn_auth_gnome_keyring-1-0-3423.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75615);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-3315\");\n\n script_name(english:\"openSUSE Security Update : libsvn_auth_gnome_keyring-1-0 (openSUSE-SU-2010:1042-1)\");\n script_summary(english:\"Check for the libsvn_auth_gnome_keyring-1-0-3423 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"when using 'SVNPathAuthz short_circuit' mod_dav_svn didn't properly\nenforce access restrictions (CVE-2010-3315).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=649861\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-12/msg00025.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libsvn_auth_gnome_keyring-1-0 
packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsvn_auth_gnome_keyring-1-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsvn_auth_kwallet-1-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:subversion-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:subversion-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:subversion-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:subversion-ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:subversion-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:subversion-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libsvn_auth_gnome_keyring-1-0-1.6.9-4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libsvn_auth_kwallet-1-0-1.6.9-4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"subversion-1.6.9-4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"subversion-devel-1.6.9-4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"subversion-perl-1.6.9-4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"subversion-python-1.6.9-4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"subversion-ruby-1.6.9-4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"subversion-server-1.6.9-4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"subversion-tools-1.6.9-4.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) 
audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsvn_auth_gnome_keyring-1-0 / libsvn_auth_kwallet-1-0 / etc\");\n}\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:04:50", "description": "when using 'SVNPathAuthz short_circuit' mod_dav_svn didn't properly\nenforce access restrictions (CVE-2010-3315).", "edition": 25, "published": "2011-05-05T00:00:00", "title": "openSUSE Security Update : libsvn_auth_gnome_keyring-1-0 (openSUSE-SU-2010:1042-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3315"], "modified": "2011-05-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:subversion-python", "p-cpe:/a:novell:opensuse:subversion-tools", "cpe:/o:novell:opensuse:11.1", "p-cpe:/a:novell:opensuse:subversion", "p-cpe:/a:novell:opensuse:subversion-devel", "p-cpe:/a:novell:opensuse:subversion-perl", "p-cpe:/a:novell:opensuse:subversion-server"], "id": "SUSE_11_1_LIBSVN_AUTH_GNOME_KEYRING-1-0-101028.NASL", "href": "https://www.tenable.com/plugins/nessus/53679", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libsvn_auth_gnome_keyring-1-0-3423.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53679);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-3315\");\n\n script_name(english:\"openSUSE Security Update : libsvn_auth_gnome_keyring-1-0 (openSUSE-SU-2010:1042-1)\");\n script_summary(english:\"Check for the libsvn_auth_gnome_keyring-1-0-3423 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n 
value:\n\"when using 'SVNPathAuthz short_circuit' mod_dav_svn didn't properly\nenforce access restrictions (CVE-2010-3315).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=649861\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-12/msg00025.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libsvn_auth_gnome_keyring-1-0 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:subversion-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:subversion-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:subversion-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:subversion-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:subversion-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"subversion-1.5.7-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"subversion-devel-1.5.7-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"subversion-perl-1.5.7-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"subversion-python-1.5.7-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"subversion-server-1.5.7-0.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"subversion-tools-1.5.7-0.2.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"subversion / subversion-devel / subversion-perl / subversion-python / etc\");\n}\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:06:09", "description": "when using 'SVNPathAuthz 
short_circuit' mod_dav_svn didn't properly\nenforce access restrictions (CVE-2010-3315).", "edition": 25, "published": "2011-05-05T00:00:00", "title": "openSUSE Security Update : libsvn_auth_gnome_keyring-1-0 (openSUSE-SU-2010:1042-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3315"], "modified": "2011-05-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:subversion-python", "p-cpe:/a:novell:opensuse:libsvn_auth_gnome_keyring-1-0", "p-cpe:/a:novell:opensuse:subversion-tools", "p-cpe:/a:novell:opensuse:subversion", "p-cpe:/a:novell:opensuse:libsvn_auth_kwallet-1-0", "p-cpe:/a:novell:opensuse:subversion-ruby", "cpe:/o:novell:opensuse:11.2", "p-cpe:/a:novell:opensuse:subversion-devel", "p-cpe:/a:novell:opensuse:subversion-perl", "p-cpe:/a:novell:opensuse:subversion-server"], "id": "SUSE_11_2_LIBSVN_AUTH_GNOME_KEYRING-1-0-101029.NASL", "href": "https://www.tenable.com/plugins/nessus/53758", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libsvn_auth_gnome_keyring-1-0-3423.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53758);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-3315\");\n\n script_name(english:\"openSUSE Security Update : libsvn_auth_gnome_keyring-1-0 (openSUSE-SU-2010:1042-1)\");\n script_summary(english:\"Check for the libsvn_auth_gnome_keyring-1-0-3423 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"when using 'SVNPathAuthz short_circuit' mod_dav_svn didn't properly\nenforce access restrictions (CVE-2010-3315).\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=649861\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-12/msg00025.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libsvn_auth_gnome_keyring-1-0 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsvn_auth_gnome_keyring-1-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsvn_auth_kwallet-1-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:subversion-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:subversion-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:subversion-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:subversion-ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:subversion-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:subversion-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"libsvn_auth_gnome_keyring-1-0-1.6.6-1.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"libsvn_auth_kwallet-1-0-1.6.6-1.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"subversion-1.6.6-1.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"subversion-devel-1.6.6-1.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"subversion-perl-1.6.6-1.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"subversion-python-1.6.6-1.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"subversion-ruby-1.6.6-1.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"subversion-server-1.6.6-1.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"subversion-tools-1.6.6-1.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) 
audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsvn_auth_gnome_keyring-1-0 / libsvn_auth_kwallet-1-0 / etc\");\n}\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:45:26", "description": "An access restriction bypass flaw was found in the mod_dav_svn module.\nIf the SVNPathAuthz directive was set to 'short_circuit', certain\naccess rules were not enforced, possibly allowing sensitive repository\ndata to be leaked to remote users. Note that SVNPathAuthz is set to\n'On' by default. (CVE-2010-3315)\n\nA server-side memory leak was found in the Subversion server. If a\nmalicious, remote user performed 'svn blame' or 'svn log' operations\non certain repository files, it could cause the Subversion server to\nconsume a large amount of system memory. (CVE-2010-4644)\n\nA NULL pointer dereference flaw was found in the way the mod_dav_svn\nmodule processed certain requests. If a malicious, remote user issued\na certain type of request to display a collection of Subversion\nrepositories on a host that has the SVNListParentPath directive\nenabled, it could cause the httpd process serving the request to\ncrash. 
Note that SVNListParentPath is not enabled by default.\n(CVE-2010-4539)\n\nAfter installing the updated packages, the Subversion server must be\nrestarted for the update to take effect: restart httpd if you are\nusing mod_dav_svn, or restart svnserve if it is used.", "edition": 25, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : subversion on SL6.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4644", "CVE-2010-4539", "CVE-2010-3315"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20110215_SUBVERSION_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60955", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60955);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-3315\", \"CVE-2010-4539\", \"CVE-2010-4644\");\n\n script_name(english:\"Scientific Linux Security Update : subversion on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An access restriction bypass flaw was found in the mod_dav_svn module.\nIf the SVNPathAuthz directive was set to 'short_circuit', certain\naccess rules were not enforced, possibly allowing sensitive repository\ndata to be leaked to remote users. Note that SVNPathAuthz is set to\n'On' by default. (CVE-2010-3315)\n\nA server-side memory leak was found in the Subversion server. 
If a\nmalicious, remote user performed 'svn blame' or 'svn log' operations\non certain repository files, it could cause the Subversion server to\nconsume a large amount of system memory. (CVE-2010-4644)\n\nA NULL pointer dereference flaw was found in the way the mod_dav_svn\nmodule processed certain requests. If a malicious, remote user issued\na certain type of request to display a collection of Subversion\nrepositories on a host that has the SVNListParentPath directive\nenabled, it could cause the httpd process serving the request to\ncrash. Note that SVNListParentPath is not enabled by default.\n(CVE-2010-4539)\n\nAfter installing the updated packages, the Subversion server must be\nrestarted for the update to take effect: restart httpd if you are\nusing mod_dav_svn, or restart svnserve if it is used.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1103&L=scientific-linux-errata&T=0&P=5160\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f86c1ee8\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"mod_dav_svn-1.6.11-2.el6_0.2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"subversion-1.6.11-2.el6_0.2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"subversion-devel-1.6.11-2.el6_0.2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"subversion-gnome-1.6.11-2.el6_0.2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"subversion-javahl-1.6.11-2.el6_0.2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"subversion-kde-1.6.11-2.el6_0.2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"subversion-perl-1.6.11-2.el6_0.2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"subversion-ruby-1.6.11-2.el6_0.2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"subversion-svn2cl-1.6.11-2.el6_0.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": 
"2021-01-17T12:45:41", "description": "From Red Hat Security Advisory 2011:0258 :\n\nUpdated subversion packages that fix three security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nSubversion (SVN) is a concurrent version control system which enables\none or more users to collaborate in developing and maintaining a\nhierarchy of files and directories while keeping a history of all\nchanges. The mod_dav_svn module is used with the Apache HTTP Server to\nallow access to Subversion repositories via HTTP.\n\nAn access restriction bypass flaw was found in the mod_dav_svn module.\nIf the SVNPathAuthz directive was set to 'short_circuit', certain\naccess rules were not enforced, possibly allowing sensitive repository\ndata to be leaked to remote users. Note that SVNPathAuthz is set to\n'On' by default. (CVE-2010-3315)\n\nA server-side memory leak was found in the Subversion server. If a\nmalicious, remote user performed 'svn blame' or 'svn log' operations\non certain repository files, it could cause the Subversion server to\nconsume a large amount of system memory. (CVE-2010-4644)\n\nA NULL pointer dereference flaw was found in the way the mod_dav_svn\nmodule processed certain requests. If a malicious, remote user issued\na certain type of request to display a collection of Subversion\nrepositories on a host that has the SVNListParentPath directive\nenabled, it could cause the httpd process serving the request to\ncrash. Note that SVNListParentPath is not enabled by default.\n(CVE-2010-4539)\n\nAll Subversion users should upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
After installing\nthe updated packages, the Subversion server must be restarted for the\nupdate to take effect: restart httpd if you are using mod_dav_svn, or\nrestart svnserve if it is used.", "edition": 25, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 6 : subversion (ELSA-2011-0258)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4644", "CVE-2010-4539", "CVE-2010-3315"], "modified": "2013-07-12T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:subversion-kde", "cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:subversion-javahl", "p-cpe:/a:oracle:linux:subversion-ruby", "p-cpe:/a:oracle:linux:subversion-perl", "p-cpe:/a:oracle:linux:subversion", "p-cpe:/a:oracle:linux:mod_dav_svn", "p-cpe:/a:oracle:linux:subversion-devel", "p-cpe:/a:oracle:linux:subversion-svn2cl", "p-cpe:/a:oracle:linux:subversion-gnome"], "id": "ORACLELINUX_ELSA-2011-0258.NASL", "href": "https://www.tenable.com/plugins/nessus/68200", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:0258 and \n# Oracle Linux Security Advisory ELSA-2011-0258 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68200);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-3315\", \"CVE-2010-4539\", \"CVE-2010-4644\");\n script_bugtraq_id(43678, 45655);\n script_xref(name:\"RHSA\", value:\"2011:0258\");\n\n script_name(english:\"Oracle Linux 6 : subversion (ELSA-2011-0258)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:0258 
:\n\nUpdated subversion packages that fix three security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nSubversion (SVN) is a concurrent version control system which enables\none or more users to collaborate in developing and maintaining a\nhierarchy of files and directories while keeping a history of all\nchanges. The mod_dav_svn module is used with the Apache HTTP Server to\nallow access to Subversion repositories via HTTP.\n\nAn access restriction bypass flaw was found in the mod_dav_svn module.\nIf the SVNPathAuthz directive was set to 'short_circuit', certain\naccess rules were not enforced, possibly allowing sensitive repository\ndata to be leaked to remote users. Note that SVNPathAuthz is set to\n'On' by default. (CVE-2010-3315)\n\nA server-side memory leak was found in the Subversion server. If a\nmalicious, remote user performed 'svn blame' or 'svn log' operations\non certain repository files, it could cause the Subversion server to\nconsume a large amount of system memory. (CVE-2010-4644)\n\nA NULL pointer dereference flaw was found in the way the mod_dav_svn\nmodule processed certain requests. If a malicious, remote user issued\na certain type of request to display a collection of Subversion\nrepositories on a host that has the SVNListParentPath directive\nenabled, it could cause the httpd process serving the request to\ncrash. Note that SVNListParentPath is not enabled by default.\n(CVE-2010-4539)\n\nAll Subversion users should upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
After installing\nthe updated packages, the Subversion server must be restarted for the\nupdate to take effect: restart httpd if you are using mod_dav_svn, or\nrestart svnserve if it is used.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-February/001883.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected subversion packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_dav_svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:subversion-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:subversion-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:subversion-javahl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:subversion-kde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:subversion-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:subversion-ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:subversion-svn2cl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/10/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"mod_dav_svn-1.6.11-2.el6_0.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"subversion-1.6.11-2.el6_0.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"subversion-devel-1.6.11-2.el6_0.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"subversion-gnome-1.6.11-2.el6_0.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"subversion-javahl-1.6.11-2.el6_0.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"subversion-kde-1.6.11-2.el6_0.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"subversion-perl-1.6.11-2.el6_0.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"subversion-ruby-1.6.11-2.el6_0.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"subversion-svn2cl-1.6.11-2.el6_0.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mod_dav_svn / subversion / subversion-devel / subversion-gnome / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:36:39", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4644", "CVE-2010-4539", "CVE-2010-3315"], "description": "[1.6.11-2.2]\n- add security fixes for CVE-2010-4644, CVE-2010-4539 (#672678)\n[1.6.11-2.1]\n- add security fix for CVE-2010-3315 (#640322)", "edition": 4, "modified": "2011-02-15T00:00:00", "published": 
"2011-02-15T00:00:00", "id": "ELSA-2011-0258", "href": "http://linux.oracle.com/errata/ELSA-2011-0258.html", "title": "subversion security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:46:38", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3315", "CVE-2010-4539", "CVE-2010-4644"], "description": "Subversion (SVN) is a concurrent version control system which enables one\nor more users to collaborate in developing and maintaining a hierarchy of\nfiles and directories while keeping a history of all changes. The\nmod_dav_svn module is used with the Apache HTTP Server to allow access to\nSubversion repositories via HTTP.\n\nAn access restriction bypass flaw was found in the mod_dav_svn module. If\nthe SVNPathAuthz directive was set to \"short_circuit\", certain access rules\nwere not enforced, possibly allowing sensitive repository data to be leaked\nto remote users. Note that SVNPathAuthz is set to \"On\" by default.\n(CVE-2010-3315)\n\nA server-side memory leak was found in the Subversion server. If a\nmalicious, remote user performed \"svn blame\" or \"svn log\" operations on\ncertain repository files, it could cause the Subversion server to consume\na large amount of system memory. (CVE-2010-4644)\n\nA NULL pointer dereference flaw was found in the way the mod_dav_svn module\nprocessed certain requests. If a malicious, remote user issued a certain\ntype of request to display a collection of Subversion repositories on a\nhost that has the SVNListParentPath directive enabled, it could cause the\nhttpd process serving the request to crash. Note that SVNListParentPath is\nnot enabled by default. (CVE-2010-4539)\n\nAll Subversion users should upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
After installing the\nupdated packages, the Subversion server must be restarted for the update\nto take effect: restart httpd if you are using mod_dav_svn, or restart\nsvnserve if it is used.\n", "modified": "2018-06-06T20:24:28", "published": "2011-02-15T05:00:00", "id": "RHSA-2011:0258", "href": "https://access.redhat.com/errata/RHSA-2011:0258", "type": "redhat", "title": "(RHSA-2011:0258) Moderate: subversion security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}], "ubuntu": [{"lastseen": "2020-07-09T00:23:04", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4644", "CVE-2010-4539", "CVE-2010-3315", "CVE-2007-2448"], "description": "It was discovered that Subversion incorrectly handled certain 'partial \naccess' privileges in rare scenarios. Remote authenticated users could use \nthis flaw to obtain sensitive information (revision properties). This issue \nonly applied to Ubuntu 6.06 LTS. (CVE-2007-2448)\n\nIt was discovered that the Subversion mod_dav_svn module for Apache did not \nproperly handle a named repository as a rule scope. Remote authenticated \nusers could use this flaw to bypass intended restrictions. This issue only \napplied to Ubuntu 9.10, 10.04 LTS, and 10.10. (CVE-2010-3315)\n\nIt was discovered that the Subversion mod_dav_svn module for Apache \nincorrectly handled the walk function. Remote authenticated users could use \nthis flaw to cause the service to crash, leading to a denial of service. \n(CVE-2010-4539)\n\nIt was discovered that Subversion incorrectly handled certain memory \noperations. Remote authenticated users could use this flaw to consume large \nquantities of memory and cause the service to crash, leading to a denial of \nservice. This issue only applied to Ubuntu 9.10, 10.04 LTS, and 10.10. 
\n(CVE-2010-4644)", "edition": 5, "modified": "2011-02-01T00:00:00", "published": "2011-02-01T00:00:00", "id": "USN-1053-1", "href": "https://ubuntu.com/security/notices/USN-1053-1", "title": "Subversion vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}]}